🐾 - 🔔 VMWare SLP VMwareInfrastructure service Reply - Possible OpenSLP vulnerability exploit 🥷 - Seen in ESXi Ransomware 🔐 attacks - Make sure the destination is legitimate - Suricata Rule 3300322 (pawpatrules)

🐾 - 🔔 VMWare SLP VMwareInfrastructure service Reply - Possible OpenSLP vulnerability exploit 🥷 - Seen in ESXi Ransomware 🔐 attacks - Make sure the destination is legitimate

SID: 3300322Rev: 50 views

Sourcepawpatrules

CreatedFebruary 5, 2023

UpdatedFebruary 7, 2023

Classificationattempted-recon

alert udp any 427 -> any any (msg:"🐾 - 🔔 VMWare SLP VMwareInfrastructure service Reply - Possible OpenSLP vulnerability exploit 🥷 - Seen in ESXi Ransomware 🔐 attacks - Make sure the destination is legitimate"; flow:to_client, stateless; content:"|02 02|"; content:"|73 65 72 76 69 63 65 3a 56 4d 77 61 72 65 49 6e 66 72 61 73 74 72 75 63 74 75 72 65 3a 2f 2f|"; fast_pattern; reference:url,https://www.vmware.com/security/advisories/VMSA-2019-0022.html; reference:url,https://www.vmware.com/security/advisories/VMSA-2020-0023.html; reference:url,https://www.vmware.com/security/advisories/VMSA-2021-0002.html; reference:url,https://blogs.vmware.com/security/2023/02/83330.html; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/; metadata:created_at 2023_02_05, updated_at 2023_02_07; sid:3300322; rev:5; classtype:attempted-recon;)

References

url	https://www.vmware.com/security/advisories/VMSA-2019-0022.html
url	https://www.vmware.com/security/advisories/VMSA-2020-0023.html
url	https://www.vmware.com/security/advisories/VMSA-2021-0002.html
url	https://blogs.vmware.com/security/2023/02/83330.html
url	https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/

🐾 - 🔔 VMWare SLP VMwareInfrastructure service Reply - Possible OpenSLP vulnerability exploit 🥷 - Seen in ESXi Ransomware 🔐 attacks - Make sure the destination is legitimate

References

Metadata

Comments (0)