Rule History

SID: 10003982 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Webexservice Service Probe (CVE-2018-15442)

Rule:

alert smb any any -> any 445 (msg: "ATTACK [PTsecurity] Webexservice Service Probe (CVE-2018-15442)"; flow: established, to_server, no_stream; content: "SMB"; depth: 8; content: "|05 00 00|"; distance: 0; content: "|10 00|"; distance: 19; within: 3; content: "w|00|e|00|b|00|e|00|x|00|s|00|e|00|r|00|v|00|i|00|c|00|e|000000|"; nocase; distance: 0; flowbits: set, CVE.2018-15442.Probe; reference: url, webexec.org; reference: cve, 2018-15442; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10003982; rev: 1;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules