🐾 - 🚨 DICOM ⚕ A-ASSOCIATE request from NMAP - System Information Discovery 🥷 - T1082
Source: pawpatrules
Created: February 25, 2024
Updated: February 25, 2024
Classification: attempted-recon
alert tcp any any -> any any (msg:"🐾 - 🚨 DICOM ⚕ A-ASSOCIATE request from NMAP - System Information Discovery 🥷 - T1082"; flow:to_server, stateless; content:"|01 00 00 00 00 cd|"; content:"|00 01 00 00 41 4e 59 2d 53 43 50 20 20 20 20 20 20 20 20 20 45 43 48 4f 53 43 55 20 20 20 20 20 20 20 20 20|"; fast_pattern; reference:url,https://attack.mitre.org/techniques/T1082/; reference:url,https://nmap.org/nsedoc/scripts/dicom-ping.html; reference:url,https://nmap.org/nsedoc/scripts/dicom-brute.html; metadata:created_at 2024_02_25, updated_at 2024_02_25, signature_severity Major, attack_target Server_Endpoint, affected_product DICOM_Modality, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; sid:3301149; rev:2; classtype:attempted-recon;)