🐾 - 🔔 Potential LDAP Brute Force Attack or Scan on default port from local network - Possible Lateral Movement 🥷 - T1110

SID: 3300315Rev: 54 views
Sourcepawpatrules
CreatedMay 19, 2022
UpdatedNovember 17, 2023
Classificationattempted-recon
alert tcp $HOME_NET any -> any 389 (msg:"🐾 - 🔔 Potential LDAP Brute Force Attack or Scan on default port from local network - Possible Lateral Movement 🥷 - T1110"; flow:to_server; flags:S,12; threshold:type threshold, track by_src, count 80, seconds 60; reference:url,https://en.wikipedia.org/wiki/Brute-force_attack; reference:url,https://attack.mitre.org/techniques/T1110/; classtype:attempted-recon; sid:3300315; rev:5; metadata:created_at 2022_05_19, updated_at 2023_11_17;)

References

urlhttps://en.wikipedia.org/wiki/Brute-force_attack
urlhttps://attack.mitre.org/techniques/T1110/

Metadata

created at2022_05_19
updated at2023_11_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!