Rule Update

15-036 (December 8, 2015)

DESCRIPTION

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DNS Server
1007137* - PowerDNS Recursor Remote Denial Of Service Vulnerability (CVE-2014-3614)


Mail Client Windows
1007203 - TMTR-0002: PRORAT SMTP Request


Microsoft Office
1006624* - Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
1007279 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6040)
1007280 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6118)
1007281 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6122)
1007282 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6124)
1007283 - Microsoft Office Memory Corruption Vulnerability (CVE-2015-6177)
1007291 - Microsoft Office Multiple Insecure Library Loading Vulnerabilities
1007251 - Microsoft Office Remote Code Execution Vulnerability (CVE-2015-6172)


Suspicious Client Application Activity
1007181 - TMTR-0001: PRORAT HTTP Request
1007182 - TMTR-0003: PRORAT HTTP Request
1005294* - TMTR-0004: GHOST RAT HTTP Request
1007197 - TMTR-0005: GHOST RAT TCP Connection Detected
1007184 - TMTR-0006: BUTERAT HTTP Request
1007186 - TMTR-0007: STRAT HTTP Request
1007199 - TMTR-0008: STRAT HTTP Request
1007198 - TMTR-0009: STRAT HTTP Request
1007200 - TMTR-0010: FAKEM RAT TCP Connection
1007201 - TMTR-0011: FAKEM RAT TCP Request
1007205 - TMTR-0012: FAKEM RAT TCP Connection
1007206 - TMTR-0013: FAKEMRAT HTTP Request
1007207 - TMTR-0014: NJRAT TCP Connection
1007202 - TMTR-0015: PSYRAT HTTP Request
1007208 - TMTR-0016: SPLINTER RAT TCP Connection
1007209 - TMTR-0017: ZIYAZO RAT BKDR Connection


Web Client Common
1006824* - Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability
1006903* - Adobe Font Driver Memory Corruption Vulnerability (CVE-2015-2426)
1007063* - Foxit Reader PNG Conversion Arbitrary Code Execution Vulnerability
1007119* - Identified Malicious Adobe Flash SWF File - 2
1007277 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6106)
1007249 - Microsoft Windows Graphics Memory Corruption Vulnerability (CVE-2015-6107)
1007250 - Microsoft Windows Integer Underflow Vulnerability (CVE-2015-6130)
1007284 - Microsoft Windows Library Loading Elevation Of Privilege Vulnerability (CVE-2015-6133)
1007287 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6128)
1007288 - Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
1007285 - Microsoft Windows Media Center Information Disclosure Vulnerability (CVE-2015-6127)
1007047* - Windows Media Center Remote Code Execution Vulnerability


Web Client Internet Explorer/Edge
1007276 - Microsoft Edge Elevation of Privilege Vulnerability (CVE-2015-6170)
1007248 - Microsoft Edge Memory Corruption Vulnerability (CVE-2015-6168)
1007227 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6140)
1007229 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6142)
1007234 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6148)
1007239 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6153)
1007240 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6154)
1007241 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6155)
1007243 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6158)
1007244 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2015-6159)
1007275 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2015-6157)
1007147* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6075)
1007224 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6083)
1007273 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6134)
1007228 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6141)
1007230 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6143)
1007231 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6145)
1007232 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6146)
1007233 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6147)
1007235 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6149)
1007236 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6150)
1007238 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6152)
1007242 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6156)
1007245 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6160)
1007246 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-6162)
1007274 - Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CVE-2015-6135)
1007225 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2015-6136)
1007237 - Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2015-6151)


Web Client SSL
1005040* - Identified Revoked Certificate Authority In SSL Traffic


Web Server Common
1007185* - Java Unserialize Remote Code Execution Vulnerability


Web Server IIS
1004396* - IIS Repeated Parameter Request Denial Of Service Vulnerability


Web Server SAP
1004831* - SAP Management Console OSExecute Payload Execution


Windows Services RPC Server
1007064* - Executable File Uploaded On System32 Folder Through SMB Share
1006906* - Identified Usage Of PsExec Command Line Tool


Integrity Monitoring Rules:

1006802* - TMTR-0003: Suspicious Files Detected In Operating System Directories
1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories
1006682* - TMTR-0008: Suspicious Files Detected In Application Directories
1007210 - TMTR-0018: Suspicious Files Detected In User Profile Directory
1007214 - TMTR-0019: Suspicious Files Detected In System Drivers Directory
1007215 - TMTR-0020: Suspicious Directories Detected In System Drive
1007216 - TMTR-0021: Suspicious Files Detected In System Drive
1007217 - TMTR-0022: Suspicious Files Detected In Recycle Bin
1007218 - TMTR-0023: Suspicious Changes In NTLM Settings
1007219 - TMTR-0024: Suspicious Files Detected In C Drive
1007221 - TMTR-0026: Suspicious Files Detected In Program Files Folder


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.