🐾 - 🚨 DICOM ⚕ A-ASSOCIATE accept answer from DICOM Server to ECHOSCU AET - Possible AET ✅ credentials found with NMAP 🥷 - T1110.002
Source: pawpatrules
Created: February 25, 2024
Updated: February 25, 2024
Classification: credential-theft
alert tcp any any -> any any (msg:"🐾 - 🚨 DICOM ⚕ A-ASSOCIATE accept answer from DICOM Server to ECHOSCU AET - Possible AET ✅ credentials found with NMAP 🥷 - T1110.002"; flow:to_client, stateless; content:"|02 00 00 00 00 b8|"; content:"|00 01 00 00|"; content:!"|41 4e 59 2d 53 43 50 20 20 20 20 20 20 20 20 20|"; distance:0; content:"|00 01 00 00|"; content:"|45 43 48 4f 53 43 55 20 20 20 20 20 20 20 20 20|"; distance:16; content:"|10 00 00 15 31 2e 32 2e 38 34 30 2e 31 30 30 30 38 2e 33 2e 31 2e 31 2e 31|"; fast_pattern; distance:32; reference:url,https://attack.mitre.org/techniques/T1110/002/; reference:url,https://nmap.org/nsedoc/scripts/dicom-brute.html; metadata:created_at 2024_02_25, updated_at 2024_02_25, signature_severity Major, attack_target Server_Endpoint, affected_product DICOM_Modality, mitre_tactic_id TA0006, mitre_tactic_name Credential_Access, mitre_technique_id T1110.002, mitre_technique_name Brute_Force_Password_Cracking; sid:3301147; rev:7; classtype:credential-theft;)