TOOLS [PTsecurity] Possible xfreerdp RDP client

SID: 10005928
Rev: 2
Source: ptresearch/attackdetection
Created: December 13, 2021
Updated: December 13, 2021
Classification: bad-unknown
alert tcp any any -> any any (msg:"TOOLS [PTsecurity] Possible xfreerdp RDP client"; flow:established, to_server, no_stream; content:"|03 00|"; depth:2; content:"Duca"; distance:0; content:"|01 C0|"; distance:2; within:2; byte_jump:2, 0, relative, little, post_offset -4; content:"|04 C0|"; within:2; byte_jump:2, 0, relative, little, post_offset -4; content:"|02 C0|"; within:2; isdataat:!11, relative; reference:url, github.com/ptresearch/AttackDetection; classtype:bad-unknown; sid:10005928; rev:2;)
