🐾 - 🚨 TGT Granted by 🪟 DC after Suspicious Kerberos AS-Request 🥷 - T1558

SID: 3321413
Rev: 2
Source: pawpatrules
Created: February 16, 2025
Updated: February 21, 2025
Classification: credential-theft
alert tcp $HOME_NET 88 -> any any (msg:"🐾 - 🚨 TGT Granted by 🪟 DC after Suspicious Kerberos AS-Request 🥷 - T1558"; flow:to_client, stateless; flowbits:isset,pptrls.suspkrbasrep; content:"|30 82 06|"; content:"|05 a1 03 02 01 0b|"; content:"|6b 72 62 74 67 74|"; metadata:created_at 2025_02_16, updated_at 2025_02_21, signature_severity Major, attack_target Server_Endpoint, affected_product Windows_Server_32_64_Bit, mitre_tactic_id TA0006, mitre_tactic_name Credential_Access, mitre_technique_id T1558, mitre_technique_name Steal_or_Forge_Kerberos_Tickets; sid:3321413; rev:2; classtype:credential-theft;)

Metadata

created at: 2025_02_16
updated at: 2025_02_21
signature severity: Major
attack target: Server_Endpoint
affected product: Windows_Server_32_64_Bit
mitre tactic id: TA0006
mitre tactic name: Credential_Access
mitre technique id: T1558
mitre technique name: Steal_or_Forge_Kerberos_Tickets
