Rule History

alert tcp-pkt any any -> any any (msg:"ET INFO [401TRG] RPCNetlogon UUID (CVE-2020-1472) (Set)"; flow:established,to_server; content:"|05 00 0B|"; depth:3; content:"|78 56 34 12 34 12 cd ab ef 00 01 23 45 67 cf fb|"; distance:0; flowbits:set,dcerpc.rpcnetlogon; flowbits:noalert; reference:cve,2020-1472; classtype:misc-activity; sid:2030888; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Server, created_at 2020_09_18, cve CVE_2020_1472, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_18;)