ATTACK [PTsecurity] ETERNALBLUE (WannaCry, Petya) SMB MS Windows RCE

SID: 10001255Rev: 34 views
Sourceptresearch/attackdetection
CreatedMarch 30, 2022
UpdatedMarch 30, 2022
Classificationattempted-admin
alert smb any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] ETERNALBLUE (WannaCry, Petya) SMB MS Windows RCE"; flow:to_server, established; content:"|FF|SMB3|00 00 00 00|"; depth:9; offset:4; flowbits:isset, SMB.Trans2.SubCommand.Unimplemented; threshold:type limit, track by_src, seconds 60, count 1; reference:cve, 2017-0144; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001255; rev:3;)

References

cve2017-0144
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!