Talos has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-flash, file-image, file-office, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.winappupdater.com - Win.Trojan.Ismdoor (blacklist.rules)
* 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules)
* 1:42134 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42135 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42136 <-> DISABLED <-> SERVER-WEBAPP Infinite Automation Mango Automation info leak attempt (server-webapp.rules)
* 1:42129 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:42128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 3:42147 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42138 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42137 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42139 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:42140 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42146 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42145 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42144 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42141 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42143 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42142 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:37919 <-> ENABLED <-> EXPLOIT-KIT Gong da exploit kit landing page (exploit-kit.rules)
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 3:17251 <-> ENABLED <-> FILE-OFFICE Outlook RTF remote code execution attempt (file-office.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41727 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:13790 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules)
* 3:15465 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed object record remote code execution attempt (file-office.rules)
* 3:15498 <-> ENABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 3:42009 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:42008 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:41512 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41765 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:16662 <-> ENABLED <-> FILE-OFFICE Microsoft Excel SxView heap overflow attempt (file-office.rules)
* 3:16230 <-> ENABLED <-> FILE-OFFICE Microsoft Excel oversized ib memory corruption attempt (file-office.rules)
* 3:16649 <-> ENABLED <-> FILE-OFFICE Microsoft Excel HFPicture record stack buffer overflow attempt (file-office.rules)
* 3:41726 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:15521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ExternSheet record remote code execution attempt (file-office.rules)
* 3:15519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
* 3:17665 <-> ENABLED <-> FILE-OFFICE OpenOffice Word document table parsing multiple heap based buffer overflow attempt (file-office.rules)
* 3:17762 <-> ENABLED <-> FILE-OFFICE Microsoft Excel corrupted TABLE record clean up exploit attempt (file-office.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:41766 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:18063 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
* 3:18676 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules)
* 3:15454 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules)
* 3:41760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41704 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:15365 <-> ENABLED <-> FILE-OFFICE Microsoft Excel extrst record arbitrary code excecution attempt (file-office.rules)
* 3:15125 <-> ENABLED <-> FILE-OFFICE Microsoft Word rich text file unpaired dpendgroup exploit attempt (file-office.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:41511 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:15298 <-> ENABLED <-> FILE-OFFICE Microsoft Visio could allow remote code execution (file-office.rules)
* 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules)
* 3:13969 <-> ENABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 3:40930 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:15117 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed OBJ record arbitrary code execution attempt (file-office.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
* 3:13582 <-> ENABLED <-> FILE-OFFICE Microsoft Excel sst record arbitrary code execution attempt (file-office.rules)
* 3:40928 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules)
* 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules)
* 3:40932 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:41468 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:40927 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:40931 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:18949 <-> ENABLED <-> FILE-OFFICE PowerPoint malformed RecolorInfoAtom exploit attempt (file-office.rules)
* 3:22089 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:40929 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:41703 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41754 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41753 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
* 3:41469 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:13469 <-> ENABLED <-> FILE-OFFICE Microsoft Word ole stream memory corruption attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.winappupdater.com - Win.Trojan.Ismdoor (blacklist.rules)
* 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules)
* 1:42134 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42135 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42136 <-> DISABLED <-> SERVER-WEBAPP Infinite Automation Mango Automation info leak attempt (server-webapp.rules)
* 1:42128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:42129 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 3:42145 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42140 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42146 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42147 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42138 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42139 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:42137 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42142 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42143 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42141 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42144 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:37919 <-> ENABLED <-> EXPLOIT-KIT Gong da exploit kit landing page (exploit-kit.rules)
* 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 3:41760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41511 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:41512 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:41468 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:41469 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:40931 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:40932 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:40929 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:40930 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:40927 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:40928 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules)
* 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:18949 <-> ENABLED <-> FILE-OFFICE PowerPoint malformed RecolorInfoAtom exploit attempt (file-office.rules)
* 3:22089 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:18676 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules)
* 3:17762 <-> ENABLED <-> FILE-OFFICE Microsoft Excel corrupted TABLE record clean up exploit attempt (file-office.rules)
* 3:18063 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
* 3:17665 <-> ENABLED <-> FILE-OFFICE OpenOffice Word document table parsing multiple heap based buffer overflow attempt (file-office.rules)
* 3:17251 <-> ENABLED <-> FILE-OFFICE Outlook RTF remote code execution attempt (file-office.rules)
* 3:16662 <-> ENABLED <-> FILE-OFFICE Microsoft Excel SxView heap overflow attempt (file-office.rules)
* 3:16649 <-> ENABLED <-> FILE-OFFICE Microsoft Excel HFPicture record stack buffer overflow attempt (file-office.rules)
* 3:15454 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules)
* 3:15365 <-> ENABLED <-> FILE-OFFICE Microsoft Excel extrst record arbitrary code excecution attempt (file-office.rules)
* 3:15125 <-> ENABLED <-> FILE-OFFICE Microsoft Word rich text file unpaired dpendgroup exploit attempt (file-office.rules)
* 3:15298 <-> ENABLED <-> FILE-OFFICE Microsoft Visio could allow remote code execution (file-office.rules)
* 3:15117 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed OBJ record arbitrary code execution attempt (file-office.rules)
* 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules)
* 3:13582 <-> ENABLED <-> FILE-OFFICE Microsoft Excel sst record arbitrary code execution attempt (file-office.rules)
* 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
* 3:13969 <-> ENABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 3:15465 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed object record remote code execution attempt (file-office.rules)
* 3:15498 <-> ENABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 3:15519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
* 3:15521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ExternSheet record remote code execution attempt (file-office.rules)
* 3:16230 <-> ENABLED <-> FILE-OFFICE Microsoft Excel oversized ib memory corruption attempt (file-office.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41726 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:41766 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:41703 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:42009 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:41727 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:41765 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:42008 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:41704 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41754 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
* 3:13790 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules)
* 3:13469 <-> ENABLED <-> FILE-OFFICE Microsoft Word ole stream memory corruption attempt (file-office.rules)
* 3:41753 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42136 <-> DISABLED <-> SERVER-WEBAPP Infinite Automation Mango Automation info leak attempt (server-webapp.rules)
* 1:42135 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42134 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules)
* 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules)
* 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules)
* 1:42130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.winappupdater.com - Win.Trojan.Ismdoor (blacklist.rules)
* 1:42129 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:42128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 3:42141 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42139 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:42140 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2016-0244 attack attempt (file-image.rules)
* 3:42137 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42138 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0302 attack attempt (file-office.rules)
* 3:42146 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42147 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42145 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42144 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42143 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42142 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules)
* 1:37919 <-> ENABLED <-> EXPLOIT-KIT Gong da exploit kit landing page (exploit-kit.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42009 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:42008 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:41766 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:41765 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0286 attack attempt (file-office.rules)
* 3:41760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0290 attack attempt (file-office.rules)
* 3:41754 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
* 3:41753 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0291 attack attempt (file-office.rules)
* 3:41727 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:41726 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0292 attack attempt (file-office.rules)
* 3:41704 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:41703 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0197 TALOS-2017-0288 attack attempt (file-office.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41512 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:41511 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-2783 attack attempt (file-office.rules)
* 3:41469 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:41468 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:40932 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:40931 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0209 attack attempt (file-office.rules)
* 3:40930 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:40929 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0208 attack attempt (file-office.rules)
* 3:40928 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:40927 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2016-0207 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules)
* 3:22089 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:18949 <-> ENABLED <-> FILE-OFFICE PowerPoint malformed RecolorInfoAtom exploit attempt (file-office.rules)
* 3:18676 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules)
* 3:18063 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
* 3:17762 <-> ENABLED <-> FILE-OFFICE Microsoft Excel corrupted TABLE record clean up exploit attempt (file-office.rules)
* 3:17665 <-> ENABLED <-> FILE-OFFICE OpenOffice Word document table parsing multiple heap based buffer overflow attempt (file-office.rules)
* 3:17251 <-> ENABLED <-> FILE-OFFICE Outlook RTF remote code execution attempt (file-office.rules)
* 3:16662 <-> ENABLED <-> FILE-OFFICE Microsoft Excel SxView heap overflow attempt (file-office.rules)
* 3:16230 <-> ENABLED <-> FILE-OFFICE Microsoft Excel oversized ib memory corruption attempt (file-office.rules)
* 3:16649 <-> ENABLED <-> FILE-OFFICE Microsoft Excel HFPicture record stack buffer overflow attempt (file-office.rules)
* 3:15521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ExternSheet record remote code execution attempt (file-office.rules)
* 3:15519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules)
* 3:15498 <-> ENABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 3:15465 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed object record remote code execution attempt (file-office.rules)
* 3:15454 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules)
* 3:15365 <-> ENABLED <-> FILE-OFFICE Microsoft Excel extrst record arbitrary code excecution attempt (file-office.rules)
* 3:15298 <-> ENABLED <-> FILE-OFFICE Microsoft Visio could allow remote code execution (file-office.rules)
* 3:15125 <-> ENABLED <-> FILE-OFFICE Microsoft Word rich text file unpaired dpendgroup exploit attempt (file-office.rules)
* 3:15117 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed OBJ record arbitrary code execution attempt (file-office.rules)
* 3:13969 <-> ENABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules)
* 3:14655 <-> ENABLED <-> FILE-OFFICE Excel rept integer underflow attempt (file-office.rules)
* 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules)
* 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules)
* 3:13582 <-> ENABLED <-> FILE-OFFICE Microsoft Excel sst record arbitrary code execution attempt (file-office.rules)
* 3:13469 <-> ENABLED <-> FILE-OFFICE Microsoft Word ole stream memory corruption attempt (file-office.rules)
* 3:13790 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules)