Talos Rules 2018-02-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the indicator-shellcode, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies. Three of the four entries below carry gid 3, Snort's shared-object (compiled) rule space, so they load only from the precompiled rule pack that matches the sensor's Snort build; this is why the change log is listed once per supported Snort version (2091101 is 2.9.11.1, 2091100 is 2.9.11.0, 2990 is 2.9.9.0 and 2983 is 2.9.8.3). The single gid 1 entry is a plain text rule and is build-independent.

Change logs

2018-02-03 00:25:08 UTC

Snort Subscriber Rules Update

Date: 2018-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

Modified Rules:


 * 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
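A small parser for the change-log format described above, added here as a worked example (it is not code from the Talos page or from the Snort project). It turns the "gid:sid <-> state <-> message (group)" lines into records, flags the gid 3 entries that need a build-specific shared-object pack, and compares the listed SIDs against rule text on a sensor to find which ones have not yet been deployed. Both the change-log excerpt and the local rule lines are constructed samples embedded in the block; the rule headers and rev values in SAMPLE_LOCAL_RULES are illustrative only.

```python
import re
from collections import Counter

# Constructed sample: four lines copied from the 2091101 block on this page,
# in the documented format "gid:sid <-> Default rule state <-> Message (rule group)".
SAMPLE_CHANGELOG = """\
New Rules:

 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

Modified Rules:

 * 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
"""

# Constructed sample of rule text as it might sit on a sensor (headers and
# rev values are made up). A rule with no explicit gid is gid 1 by Snort's
# convention; the gid:3 line mimics the stub shipped with a shared-object rule.
SAMPLE_LOCAL_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt"; sid:37860; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt"; gid:3; sid:45575; rev:1;)
"""

SECTION_RE = re.compile(r"^(New|Modified) Rules:\s*$")
ENTRY_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>[A-Z]+)\s+<->\s+"
    r"(?P<msg>.+?)\s+\((?P<group>[\w.-]+)\)\s*$"
)


def parse_changelog(text):
    """Parse a 'New Rules' / 'Modified Rules' block into a list of dicts with
    keys section, gid, sid, state, msg, group. Lines outside a section header
    or not matching the documented format are ignored."""
    entries, section = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()  # 'new' or 'modified'
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            e = m.groupdict()
            e["gid"], e["sid"] = int(e["gid"]), int(e["sid"])
            e["section"] = section
            entries.append(e)
    return entries


def needs_so_pack(entry):
    """gid 3 is the shared-object rule space: such a rule only loads from the
    precompiled pack built for the sensor's exact Snort version."""
    return entry["gid"] == 3


def local_rule_ids(rule_text):
    """Collect (gid, sid) pairs from rule text; gid defaults to 1 when absent."""
    ids = set()
    for line in rule_text.splitlines():
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        if not sid:
            continue
        gid = re.search(r"\bgid:\s*(\d+)\s*;", line)
        ids.add((int(gid.group(1)) if gid else 1, int(sid.group(1))))
    return ids


def missing_rules(entries, rule_text):
    """Return 'gid:sid' strings from the change log that are not present in
    the given local rule text, sorted for stable reporting."""
    have = local_rule_ids(rule_text)
    return sorted(f"{e['gid']}:{e['sid']}" for e in entries
                  if (e["gid"], e["sid"]) not in have)


def summarize(entries):
    """Count change-log entries per (section, rule group)."""
    return Counter((e["section"], e["group"]) for e in entries)


if __name__ == "__main__":
    rules = parse_changelog(SAMPLE_CHANGELOG)
    for e in rules:
        kind = "SO pack" if needs_so_pack(e) else "text rule"
        print(f"{e['section']:8} {e['gid']}:{e['sid']} {e['state']:8} [{kind}] {e['msg']}")
    print("not yet deployed:", missing_rules(rules, SAMPLE_LOCAL_RULES))
    print(summarize(rules))
```

Pointing missing_rules at the concatenated contents of a sensor's rules and so_rules directories gives a quick post-update check; a gid 3 SID that stays missing after the update usually means the shared-object pack installed does not match the Snort build, which is exactly the per-version split this page reflects.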

2018-02-03 00:25:08 UTC

Snort Subscriber Rules Update

Date: 2018-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)
 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

Modified Rules:


 * 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

2018-02-03 00:25:08 UTC

Snort Subscriber Rules Update

Date: 2018-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)

Modified Rules:


 * 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)

2018-02-03 00:25:08 UTC

Snort Subscriber Rules Update

Date: 2018-02-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)
 * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules)

Modified Rules:


 * 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
 * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules)