Versions (6)
Version DetailsCurrent
Rev: 5 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] CoronaBlue/SMBGhost DOS/RCE Attempt (CVE-2020-0796)
alert smb any any -> any any (msg: "ATTACK [PTsecurity] CoronaBlue/SMBGhost DOS/RCE Attempt (CVE-2020-0796)"; flow: established; content: "|FC|SMB"; depth: 8; byte_test: 4, >, 0x800134, 0, relative, little; reference: url, www.mcafee.com/blogs/other-blogs/mcafee-labs/smbghost-analysis-of-cve-2020-0796; reference: cve, 2020-0796; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10005778; rev: 5;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules