🐾 - 🚨 LLMNR query response observed 👀 - Possible Poisoning Attack 🥷 to Windows 🪟 - T1557.001

SID: 3300144Rev: 96 views
Sourcepawpatrules
CreatedJuly 16, 2022
UpdatedDecember 21, 2022
Classificationpolicy-violation
alert udp any 5355 -> any any (msg:"🐾 - 🚨 LLMNR query response observed 👀 - Possible Poisoning Attack 🥷 to Windows 🪟 - T1557.001"; flow:stateless; content:"|80 00 00 01 00 01 00 00 00 00|"; reference:url,https://www.microsoft.com/en-us/research/publication/link-local-multicast-name-resolution-llmnr/; reference:url,https://attack.mitre.org/techniques/T1557/001/; reference:url,https://www.thewindowsclub.com/disable-netbios-and-llmnr-protocols-via-gpo; metadata:created_at 2022_07_16, updated_at 2022_12_21; sid:3300144; rev:9; classtype:policy-violation;)

References

urlhttps://www.microsoft.com/en-us/research/publication/link-local-multicast-name-resolution-llmnr/
urlhttps://attack.mitre.org/techniques/T1557/001/
urlhttps://www.thewindowsclub.com/disable-netbios-and-llmnr-protocols-via-gpo

Metadata

created at2022_07_16
updated at2022_12_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!