ATTACK [PTsecurity] IREMOTEWINSPOOL Bind

SID: 10006624Rev: 30 views
Sourceptresearch/attackdetection
CreatedJuly 12, 2021
UpdatedAugust 10, 2021
Classificationattempted-admin
alert tcp-pkt any any -> any any (msg:"ATTACK [PTsecurity] IREMOTEWINSPOOL Bind"; flow:established, to_server; content:"|96 3F F0 76 FD CD FC 44 A2 2C 64 95 0A 00 12 09|"; flowbits:set, DCERPC.IREMOTEWINSPOOL.Bind; flowbits:noalert; reference:url, github.com/ptresearch/AttackDetection; metadata:Open Ptsecurity.com ruleset; metadata:created_at 2021_07_12, updated_at 2021_08_10; classtype:attempted-admin; sid:10006624; rev:3;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

OpenPtsecurity.com ruleset

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!