Talos Rules 2017-08-08
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the exploit-kit and os-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-08-09 02:26:00 UTC

Snort Subscriber Rules Update

Date: 2017-08-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43885 <-> DISABLED <-> EXPLOIT-KIT Exploit Kit malicious redirection attempt (exploit-kit.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)

Modified Rules:


 * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules)
 * 3:39775 <-> ENABLED <-> EXPLOIT-KIT malicious Javascript detected via experimental RBF classifier (exploit-kit.rules)

2017-08-09 02:26:00 UTC

Snort Subscriber Rules Update

Date: 2017-08-08

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43885 <-> DISABLED <-> EXPLOIT-KIT Exploit Kit malicious redirection attempt (exploit-kit.rules)
 * 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
 * 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
 * 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)

Modified Rules:


 * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules)
 * 3:39775 <-> ENABLED <-> EXPLOIT-KIT malicious Javascript detected via experimental RBF classifier (exploit-kit.rules)