Rule History

SID: 2035004 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 2 • Jan 28, 2022, 12:00 PM

ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated RegisterApplication - Successfully Registered (CVE-2020-9480)

alert tcp-pkt $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated RegisterApplication - Successfully Registered (CVE-2020-9480)"; flow:established,to_client; flowbits:isset,ET.ApacheSpark_UnauthRegisterApplication; content:"org.apache.spark.deploy.DeployMessages$RegisteredApplication"; fast_pattern; reference:cve,2020-9480; reference:url,www.youtube.com/watch?v=EAzdGo-i8vE; reference:url,github.com/ayoul3/sparky/; classtype:successful-admin; sid:2035004; rev:2; metadata:attack_target Server, created_at 2022_01_28, cve CVE_2020_9480, deployment Internal, deployment Datacenter, confidence Medium, signature_severity Major, updated_at 2022_01_28;)

Jan 28, 2022, 12:00 PM

Jan 28, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

Sep 21, 2024, 3:00 AM

rules/emerging-attack_response.rules