ET EXPLOIT PWDump4 Password dumping exe copied to victim

SID: 2008444Rev: 30 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationsuspicious-filename-detect

alert tcp any any -> $HOME_NET [139,445] (msg:"ET EXPLOIT PWDump4 Password dumping exe copied to victim"; flow:to_server,established; content:"|4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 50 00 57 00 44 00 55 00 4D 00 50 00 34 00 2E 00 65 00 78 00 65|"; reference:url,xinn.org/Snort-pwdump4.html; classtype:suspicious-filename-detect; sid:2008444; rev:3; metadata:created_at 2010_07_30, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

References

url	xinn.org/Snort-pwdump4.html

Metadata

created at2010_07_30

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!