Versions (3)
Version DetailsCurrent
Rev: 3 • Jun 8, 2020, 12:00 PMET DELETED Possible Attempted SMB RCE Exploitation M1 (CVE-2020-0796)
alert smb any any -> $HOME_NET any (msg:"ET DELETED Possible Attempted SMB RCE Exploitation M1 (CVE-2020-0796)"; flow:established,to_server; content:"|41 8B 47 3C 4C 01 F8 8B 80 88 00 00 00 4C 01 F8 50|"; fast_pattern; reference:url,github.com/chompie1337/SMBGhost_RCE_PoC; reference:cve,2020-0796; classtype:attempted-admin; sid:2030263; rev:3; metadata:affected_product SMBv3, created_at 2020_06_08, deployment Perimeter, deployment Internal, performance_impact Low, signature_severity Major, tag SMBGhost, tag CISA_KEV, updated_at 2021_07_29;)
Jun 8, 2020, 12:00 PM
Jul 29, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-deleted.rules