🐾 - 🔔 Remote DCOM Execute Shell Command - Possible Lateral Movement 🥷 - T1021.003

SID: 3300307
Rev: 5
Source: pawpatrules
Created: December 8, 2021
Updated: November 3, 2022
Classification: attempted-recon
alert tcp any any -> $HOME_NET any (msg:"🐾 - 🔔 Remote DCOM Execute Shell Command - Possible Lateral Movement 🥷 - T1021.003"; flow:stateless,to_server; content:!"S|00|Q|00|L|00|C|00|m|00|d|00|P|00|a|00|r|00|s|00|e|00|r|00|E|00|x|00|e|00|c|00|u|00|t|00|e|00|r"; content:"|00|E|00|x|00|e|00|c|00|u|00|t|00|e|00|S|00|h|00|e|00|l|00|l|00|C|00|o|00|m|00|m|00|a|00|n|00|d|00|"; fast_pattern; reference:url,https://attack.mitre.org/techniques/T1021/003/; metadata:created_at 2021_12_08, updated_at 2022_11_03; sid:3300307; rev:5; classtype:attempted-recon;)

Metadata

created at: 2021_12_08
updated at: 2022_11_03
