🐾 - 🔔 DCERPC - Last Shutdown request to 🪟 - Possible System Information Discovery 🥷 - T1082
Source: pawpatrules
Created: July 30, 2023
Updated: July 30, 2023
Classification: attempted-recon
alert tcp-pkt any any -> $HOME_NET any (msg:"🐾 - 🔔 DCERPC - Last Shutdown request to 🪟 - Possible System Information Discovery 🥷 - T1082"; flow:to_server, stateless; content:"|05 00 00 83|"; content:"|5f 5f 50 41 52 41 4d 45 54 45 52 53 00 00 53 59 53 54 45 4d 5c 43 6f 6e 74 72 6f 6c 53 65 74 30 30 31 5c 43 6f 6e 74 72 6f 6c 5c 57 69 6e 64 6f 77 73 00 00 53 68 75 74 64 6f 77 6e 54 69 6d 65|"; fast_pattern; reference:url,https://attack.mitre.org/techniques/T1082/; reference:url,https://github.com/GhostPack/Seatbelt#remote-enumeration; metadata:created_at 2023_07_30, updated_at 2023_07_30; sid:3300332; rev:1; classtype:attempted-recon;)
References
Metadata
created at: 2023_07_30
updated at: 2023_07_30