🐾 - 🚨 Suspicious SSH client named Exploit - seen in public POC for regreSSHion - CVE-2024-6387 - T1210

SID: 3321319
Rev: 1
87 views
Source: pawpatrules
Created: August 2, 2024
Updated: August 3, 2024
Classification: policy-violation
alert ssh any any -> any any (msg:"🐾 - 🚨 Suspicious SSH client named Exploit - seen in public POC for regreSSHion - CVE-2024-6387 - T1210"; flow:to_server, stateless; ssh.software; content:"Exploit"; reference:url,https://github.com/d0rb/CVE-2024-6387; reference:url,https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt; reference:url,https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server; reference:url,https://www.openssh.com/txt/release-9.8; target:dest_ip; metadata:created_at 2024_08_03, updated_at 2024_08_03, signature_severity Major, attack_target Server_Endpoint, affected_product Linux, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_of_Remote_Services; sid:3321319; rev:1; classtype:policy-violation;)

Metadata

created at: 2024_08_03
updated at: 2024_08_03
signature severity: Major
attack target: Server_Endpoint
affected product: Linux
mitre tactic id: TA0008
mitre tactic name: Lateral_Movement
mitre technique id: T1210
mitre technique name: Exploitation_of_Remote_Services
