🐾 - 🔔 Kerberos - Brute Force attack to Active Directory 🪟 - Password Cracking 🥷 - T1110.002 - Suricata Rule 3301161 (pawpatrules)

🐾 - 🔔 Kerberos - Brute Force attack to Active Directory 🪟 - Password Cracking 🥷 - T1110.002

SID: 3301161Rev: 5109 viewsHistory

Sourcepawpatrules

CreatedApril 23, 2024

UpdatedMarch 11, 2025

Classificationattempted-recon

alert udp $HOME_NET 88 -> any any (msg:"🐾 - 🔔 Kerberos - Brute Force attack to Active Directory 🪟 - Password Cracking 🥷 - T1110.002"; flow:to_client, stateless; threshold:type threshold, track by_src, count 5, seconds 5; content:"|a0 03 02 01 05 a1 03 02 01|"; fast_pattern; content:"|6b 72 62 74 67 74|"; reference:url,https://attack.mitre.org/techniques/T1110/002/; reference:url,https://github.com/ropnop/kerbrute; metadata:created_at 2024_04_23, updated_at 2025_03_11, signature_severity Major, attack_target Server_Endpoint, affected_product Windows_Server_32_64_Bit, mitre_tactic_id TA0006, mitre_tactic_name Credential_Access, mitre_technique_id T1110_002, mitre_technique_name Brute_Force_Password_Cracking; sid:3301161; rev:5; classtype:attempted-recon;)

References

url	https://attack.mitre.org/techniques/T1110/002/
url	https://github.com/ropnop/kerbrute

Metadata

created at2024_04_23

updated at2025_03_11

signature severityMajor

attack targetServer_Endpoint

affected productWindows_Server_32_64_Bit

mitre tactic idTA0006

mitre tactic nameCredential_Access

mitre technique idT1110_002

mitre technique nameBrute_Force_Password_Cracking

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!