Versions (2)
Version DetailsCurrent
Rev: 7 • Apr 28, 2012, 12:00 PMET EXPLOIT RuggedCom factory account backdoor
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"ET EXPLOIT RuggedCom factory account backdoor"; flow:established,to_server; flowbits:isset,ET.RUGGED.BANNER; content:"factory"; pcre:"/factory[\r\n\x00]+[0-9]{9}/"; reference:url,www.exploit-db.com/exploits/18779/; reference:url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars; classtype:suspicious-login; sid:2014646; rev:7; metadata:attack_target Networking_Equipment, created_at 2012_04_28, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, updated_at 2023_04_24;)Apr 28, 2012, 12:00 PM
Apr 24, 2023, 12:00 PM
Apr 28, 2012, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-exploit.rules