Talos Rules 2017-07-03
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-07-03 21:21:35 UTC

Snort Subscriber Rules Update

Date: 2017-07-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43441 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules)
 * 1:43439 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial go_get_user_info SQL injection attempt (server-webapp.rules)
 * 1:43440 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules)
 * 1:43437 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules)
 * 1:43438 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules)
 * 1:43435 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server cross site scripting attempt (server-webapp.rules)
 * 1:43436 <-> DISABLED <-> SERVER-WEBAPP GE Fanuc Real Time Information Portal arbitrary file write attempt (server-webapp.rules)
 * 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
 * 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
 * 1:43444 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)
 * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)

Modified Rules:



2017-07-03 21:21:35 UTC

Snort Subscriber Rules Update

Date: 2017-07-03

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43444 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)
 * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules)
 * 1:43441 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules)
 * 1:43440 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules)
 * 1:43439 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial go_get_user_info SQL injection attempt (server-webapp.rules)
 * 1:43438 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules)
 * 1:43437 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules)
 * 1:43436 <-> DISABLED <-> SERVER-WEBAPP GE Fanuc Real Time Information Portal arbitrary file write attempt (server-webapp.rules)
 * 1:43435 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server cross site scripting attempt (server-webapp.rules)
 * 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
 * 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)

Modified Rules: