Versions (6)
Version DetailsCurrent
Rev: 6 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] CoronaBlue/SMBGhost DOS/RCE Attempt (CVE-2020-0796)
alert smb any any -> any any (msg:"ATTACK [PTsecurity] CoronaBlue/SMBGhost DOS/RCE Attempt (CVE-2020-0796)"; flow:established; stream_size:both, <, 1000; content:"|FC|SMB"; depth:8; byte_test:4, >, 0x800134, 8, relative, little; reference:url, www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796; reference:cve, 2020-0796; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10005777; rev:6;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules