🐾 - 🚨 DICOM ⚕ Server accept any AET - Possible unsecure service found with NMAP 🥷 - T1201 - Suricata Rule 3301148 (pawpatrules)

🐾 - 🚨 DICOM ⚕ Server accept any AET - Possible unsecure service found with NMAP 🥷 - T1201

SID: 3301148Rev: 121 views

Sourcepawpatrules

CreatedFebruary 25, 2024

UpdatedFebruary 25, 2024

Classificationcredential-theft

alert tcp any any -> any any (msg:"🐾 - 🚨 DICOM ⚕ Server accept any AET - Possible unsecure service found with NMAP 🥷 - T1201"; flow:to_client, stateless; content:"|02 00 00 00 00 b8|"; content:"|00 01 00 00|"; content:"|41 4e 59 2d 53 43 50 20 20 20 20 20 20 20 20 20|"; distance:0; content:"|45 43 48 4f 53 43 55 20 20 20 20 20 20 20 20 20|"; distance:0; content:"|10 00 00 15 31 2e 32 2e 38 34 30 2e 31 30 30 30 38 2e 33 2e 31 2e 31 2e 31|"; fast_pattern; distance:32; reference:url,https://attack.mitre.org/techniques/T1201/; reference:url,https://nmap.org/nsedoc/scripts/dicom-ping.html; reference:url,https://nmap.org/nsedoc/scripts/dicom-brute.html; metadata:created_at 2024_02_25, updated_at 2024_02_25, signature_severity Major, attack_target Server_Endpoint, affected_product DICOM_Modality, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1201, mitre_technique_name Password_Policy_Discovery; sid:3301148; rev:1; classtype:credential-theft;)

References

url	https://attack.mitre.org/techniques/T1201/
url	https://nmap.org/nsedoc/scripts/dicom-ping.html
url	https://nmap.org/nsedoc/scripts/dicom-brute.html

Metadata

created at2024_02_25

updated at2024_02_25

signature severityMajor

attack targetServer_Endpoint

affected productDICOM_Modality

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1201

mitre technique namePassword_Policy_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!