🐾 - 🚨 VxWorks WDB Agent 🧠 memory dump launched over RPC 🥷 - T1003

SID: 3321486
Rev: 1
Source: pawpatrules
Created: May 15, 2026
Updated: May 15, 2026
Classification: targeted-activity
alert udp any any -> any any (msg:"🐾 - 🚨 VxWorks WDB Agent 🧠 memory dump launched over RPC 🥷 - T1003"; flow:to_server, stateless; content:"|02 55 55 55 55 00 00 00 01 00 00 00 0a|"; fast_pattern; content:"|ff ff 4f 7c|"; distance:16; content:"|3c 00 00 00 04 00 00 00 00 00 00 05 8c|"; distance:3; content:"|00 00 00|"; endswith; target:dest_ip; reference:url,https://www.windriver.com/products/embedded/vxworks; reference:url,https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump.rb; metadata:created_at 2026_05_15, updated_at 2026_05_15, signature_severity Major, attack_target OT, affected_product VxWorks, mitre_tactic_id TA0006, mitre_tactic_name Credential_Access, mitre_technique_id T1003, mitre_technique_name OS_Credential_Dumping; sid:3321486; rev:1; classtype:targeted-activity;)

Metadata

created at: 2026_05_15
updated at: 2026_05_15
signature severity: Major
attack target: OT
affected product: VxWorks
mitre tactic id: TA0006
mitre tactic name: Credential_Access
mitre technique id: T1003
mitre technique name: OS_Credential_Dumping
