ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host
Sourceet/open
CreatedJuly 30, 2010
UpdatedJuly 26, 2019
Classificationsuccessful-admin
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; sid:2010454; rev:3; metadata:affected_product Any, attack_target Client_and_Server, created_at 2010_07_30, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, confidence High, signature_severity Critical, tag Metasploit, updated_at 2019_07_26;)
Metadata
affected productAny
attack targetClient_and_Server
created at2010_07_30
deploymentDatacenter
confidenceHigh
signature severityCritical
tagMetasploit
updated at2019_07_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!