🐾 - 🚨 DICOM ⚕ A-ASSOCIATE reject AET answer from DICOM Server on SCU request - Possible System Information Discovery 🥷 - T1082

SID: 3301145
Rev: 5
Source: pawpatrules
Created: February 25, 2024
Updated: February 25, 2024
Classification: attempted-recon
alert tcp any any -> any any (msg:"🐾 - 🚨 DICOM ⚕ A-ASSOCIATE reject AET answer from DICOM Server on SCU request - Possible System Information Discovery 🥷 - T1082"; flow:to_client, stateless; threshold:type limit, track by_src,count 1, seconds 600; content:"|03 00|"; content:"|00 00 00 04|"; distance:0; content:"|00 01 01 07|"; fast_pattern; distance:0; endswith; reference:url,https://attack.mitre.org/techniques/T1082/; metadata:created_at 2024_02_25, updated_at 2024_02_25, signature_severity Info, attack_target Server_Endpoint, affected_product DICOM_Modality, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; sid:3301145; rev:5; classtype:attempted-recon;)

Metadata

created at: 2024_02_25
updated at: 2024_02_25
signature severity: Info
attack target: Server_Endpoint
affected product: DICOM_Modality
mitre tactic id: TA0007
mitre tactic name: Discovery
mitre technique id: T1082
mitre technique name: System_Information_Discovery
