🐾 - 🔔 SMB - Remote DLL 🪟 Execution - Possible Hijack Execution Flow - DLL Side-Loading 🥷 - T1574.002 - Suricata Rule 3301158 (pawpatrules)

🐾 - 🔔 SMB - Remote DLL 🪟 Execution - Possible Hijack Execution Flow - DLL Side-Loading 🥷 - T1574.002

SID: 3301158Rev: 12 views

Sourcepawpatrules

CreatedJanuary 6, 2024

UpdatedFebruary 18, 2024

Classificationtargeted-activity

alert tcp $HOME_NET any -> any 445 (msg:"🐾 - 🔔 SMB - Remote DLL 🪟 Execution - Possible Hijack Execution Flow - DLL Side-Loading 🥷 - T1574.002"; flow:to_server, stateless; content:"|fe 53 4d 42 40 00|"; content:"|00 00 00 00 00 00 00 00 a1 00 10 00|"; content:"|05 00 00 00 01 00 00 00 60 00 00 00|"; fast_pattern; distance:4; content:"|2e 00 64 00 6c 00 6c 00|"; reference:url,https://attack.mitre.org/techniques/T1574/002/; target:src_ip; metadata:created_at 2024_01_06, updated_at 2024_02_18, signature_severity Major, attack_target Client_and_Server, affected_product Windows_XP_Vista_7_8_10_11_Server_32_64_Bit, mitre_tactic_id TA0003, mitre_tactic_name Persistence, mitre_tactic_id TA0004, mitre_tactic_name Privilege_Escalation, mitre_tactic_id TA0005, mitre_tactic_name Defense_Evasion, mitre_technique_id T1040, mitre_technique_name Hijack_Execution_Flow_DLL_Side_Loading; sid:3301158; rev:1; classtype:targeted-activity;)

References

url	https://attack.mitre.org/techniques/T1574/002/

Metadata

created at2024_01_06

updated at2024_02_18

signature severityMajor

attack targetClient_and_Server

affected productWindows_XP_Vista_7_8_10_11_Server_32_64_Bit

mitre tactic idTA0005

mitre tactic nameDefense_Evasion

mitre technique idT1040

mitre technique nameHijack_Execution_Flow_DLL_Side_Loading

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!