ATTACK [PTsecurity] Mikrotik Router OS 6.38.4 Stack Clash RCE

SID: 10002457Rev: 10 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert tcp any any -> any any (msg:"ATTACK [PTsecurity] Mikrotik Router OS 6.38.4 Stack Clash RCE"; flow:established, to_server, no_stream; content:"|24 50 00 00 26 04 00 40 AE 04 FF F0 26 11 00 50 AE 11 FF F4 26 11 00 60 AE 11 FF F8 22 05 FF F0 22 06 FF FC 24 02 0F AB 00 00 00 0C|"; content:"/bin"; within:30; xbits:isset, RouterOS.StackClash.POST2, track ip_src; reference:url, github.com/BigNerd95/Chimay-Red/blob/master/StackClashMIPS.py; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002457; rev:1;)

References

urlgithub.com/BigNerd95/Chimay-Red/blob/master/StackClashMIPS.py
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!