Versions (4)
Version DetailsCurrent
Rev: 2 • Jun 24, 2025, 4:00 PMATTACK AD [PTsecurity] Krbrelayx Malicious DNS Resolve to Kerberos Relay
alert udp any any -> any 5355 (msg: "ATTACK AD [PTsecurity] Krbrelayx Malicious DNS Resolve to Kerberos Relay"; flow: to_server; content: "1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; nocase; content: "YBAAAA"; distance: 0; nocase; reference: url, https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10012800; rev: 2;)
Jun 24, 2025, 4:00 PM
Jun 24, 2025, 4:00 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-windows.rules