Rule History

SID: 10000099 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 2 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Cisco Adaptive Security Appliance 8.x SNMP overflow RCE Attempt

Rule:

alert udp any any -> any 161 (msg: "ATTACK [PTsecurity] Cisco Adaptive Security Appliance 8.x SNMP overflow RCE Attempt"; byte_jump: 1, 6; content: "|A5|"; content: "|2B 06 01 02 01 01 01|"; distance: 0; content: "|2B 06 01 04 01 09 09 83 6B 01 03 03 01 01 05 09|"; isdataat: 30,relative; reference: url, blogs.cisco.com/security/shadow-brokers; reference: cve, 2016-6366; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10000099; rev: 2;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules