ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host - Suricata Rule 2009581 (et/open)

ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host

SID: 2009581Rev: 40 views

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationsuccessful-admin

alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; fast_pattern; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; sid:2009581; rev:4; metadata:affected_product Any, attack_target Client_and_Server, created_at 2010_07_30, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2019_07_26;)

Metadata

affected productAny

attack targetClient_and_Server

created at2010_07_30

deploymentDatacenter

signature severityCritical

tagMetasploit

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!