Rule History

SID: 3115253 • Source: stamus/lateral

Versions (3)

Version Details (Current)

Rev: 4 • Mar 31, 2022, 12:00 PM

Stamus Networks MS-DSAOP service - IDL_DSAExecuteScript

alert smb any any -> $HOME_NET any (msg:"Stamus Networks MS-DSAOP service - IDL_DSAExecuteScript"; flow:to_server, established; dcerpc.iface:7c44d7d4-31d5-424c-bd5e-2b3e1f323d22; dcerpc.opnum:1; flowbits:set,stamus.dsaop.service.IDL_DSAExecuteScript; metadata:lateral_key dcerpc.iface, lateral_function IDL_DSAExecuteScript, lateral_asset src_ip, stamus_classification lateral, provider Stamus, created_at 2022_03_31, updated_at 2024_08_05, source smb_lateral, signature_severity Critical; target:dest_ip; sid:3115253; rev:4; reference:url,https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-drsr/8988d95c-631b-46a4-b84e-16de204fb142; reference:url,https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata; reference:url,https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata;)

Mar 31, 2022, 12:00 PM

Aug 5, 2024, 12:00 PM

Nov 14, 2022, 9:22 PM

May 29, 2025, 11:31 PM

rules/stamus-lateral.rules