ATTACK [PTsecurity] SMB2 Create PSEXESVC.EXE

SID: 10001444Rev: 10 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationsuspicious-filename-detect
alert smb any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] SMB2 Create PSEXESVC.EXE"; flow:to_server, established, no_stream; content:"|fe 53 4d 42|"; offset:4; depth:4; content:"|05 00|"; offset:16; depth:2; byte_jump:2, 112, little, from_beginning, post_offset 4; content:"|50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; distance:0; classtype:suspicious-filename-detect; reference:url, github.com/ptresearch/AttackDetection; sid:10001444; rev:1;)

References

urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!