ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Crashdump Display - Suricata Rule 2048639 (et/open)

ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Crashdump Display

SID: 2048639Rev: 12 viewsHistory

Sourceet/open

CreatedOctober 18, 2023

UpdatedOctober 18, 2023

Classificationweb-application-activity

alert http any any -> $HOME_NET any (msg:"ET SCADA [nsacyber/ELITEWOLF] Allen-Bradley/Rockwell Automation Information Disclosure Attempt - Crashdump Display"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/rokform/advancedDiags?pagereq=crash"; fast_pattern; reference:url,github.com/nsacyber/ELITEWOLF; classtype:web-application-activity; sid:2048639; rev:1; metadata:affected_product Allen_Bradley_Rockwell_Automation_Series, attack_target ICS, created_at 2023_10_18, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Minor, updated_at 2023_10_18, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)

References

url	github.com/nsacyber/ELITEWOLF

Metadata

affected productAllen_Bradley_Rockwell_Automation_Series

attack targetICS

created at2023_10_18

deploymentInternal

performance impactLow

confidenceHigh

signature severityMinor

updated at2023_10_18

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1082

mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!