🐾 - πŸ”” VMWare SLP VMwareInfrastructure service Request - Possible OpenSLP vulnerability exploit πŸ₯· - Seen in ESXi Ransomware πŸ” attacks - Make sure the source is legitimate

SID: 3300323Rev: 11 views
Sourcepawpatrules
CreatedFebruary 8, 2023
UpdatedFebruary 8, 2023
Classificationattempted-recon
alert udp any any -> any 427 (msg:"🐾 - πŸ”” VMWare SLP VMwareInfrastructure service Request - Possible OpenSLP vulnerability exploit πŸ₯· - Seen in ESXi Ransomware πŸ” attacks - Make sure the source is legitimate"; flow:to_server, stateless; content:"|02 01|"; content:"|73 65 72 76 69 63 65 3a 56 4d 77 61 72 65 49 6e 66 72 61 73 74 72 75 63 74 75 72 65|"; fast_pattern; content:"|44 45 46 41 55 4c 54|"; distance:2; reference:url,https://www.vmware.com/security/advisories/VMSA-2019-0022.html; reference:url,https://www.vmware.com/security/advisories/VMSA-2020-0023.html; reference:url,https://www.vmware.com/security/advisories/VMSA-2021-0002.html; reference:url,https://blogs.vmware.com/security/2023/02/83330.html; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/; metadata:created_at 2023_02_08, updated_at 2023_02_08; sid:3300323; rev:1; classtype:attempted-recon;)

References

urlhttps://www.vmware.com/security/advisories/VMSA-2019-0022.html
urlhttps://www.vmware.com/security/advisories/VMSA-2020-0023.html
urlhttps://www.vmware.com/security/advisories/VMSA-2021-0002.html
urlhttps://blogs.vmware.com/security/2023/02/83330.html
urlhttps://www.cert.ssi.gouv.fr/alerte/CERTFR-2023-ALE-015/

Metadata

created at2023_02_08
updated at2023_02_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!