ATTACK [PTsecurity] SPOOLSS Bind

SID: 10006626Rev: 30 views
Sourceptresearch/attackdetection
CreatedJuly 12, 2021
UpdatedAugust 10, 2021
Classificationattempted-admin
alert tcp-pkt any any -> any any (msg:"ATTACK [PTsecurity] SPOOLSS Bind"; flow:established, to_server; content:"|78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB|"; flowbits:set, DCERPC.SPOOLSS.Bind; flowbits:noalert; reference:url, github.com/ptresearch/AttackDetection; metadata:Open Ptsecurity.com ruleset; metadata:created_at 2021_07_12, updated_at 2021_08_10; classtype:attempted-admin; sid:10006626; rev:3;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

OpenPtsecurity.com ruleset

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!