Rule History

SID: 3115478 • Source: stamus/lateral

Versions (3)

Version DetailsCurrent

Rev: 4 • Apr 3, 2022, 12:00 PM

Message:

Stamus Networks MS-SCMR service - RUnlockServiceDatabase

Rule:

alert smb any any -> $HOME_NET any (msg:"Stamus Networks MS-SCMR service - RUnlockServiceDatabase"; flow:to_server, established; dcerpc.iface:367abb81-9844-35f1-ad32-98f038001003; dcerpc.opnum:8; flowbits:set,stamus.scmr.service.RUnlockServiceDatabase; metadata:lateral_key dcerpc.iface, lateral_function RUnlockServiceDatabase, lateral_asset src_ip, stamus_classification lateral, provider Stamus, created_at 2022_04_03, updated_at 2024_08_05, source smb_lateral, signature_severity Informational; target:dest_ip; sid:3115478; rev:4; reference:url,https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/0d7a7011-9f41-470d-ad52-8535b47ac282; reference:url,https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata; reference:url,https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata;)

Created:

Apr 3, 2022, 12:00 PM

Updated:

Aug 5, 2024, 12:00 PM

DB Created:

Nov 14, 2022, 9:22 PM

DB Updated:

May 29, 2025, 11:31 PM

Filename:

rules/stamus-lateral.rules