ATTACK [PTsecurity] EFSR Bind

SID: 10006662Rev: 20 views
Sourceptresearch/attackdetection
CreatedJuly 23, 2021
UpdatedNovember 19, 2021
Classificationattempted-admin
alert tcp-pkt any any -> any any (msg:"ATTACK [PTsecurity] EFSR Bind"; flow:established, to_server; content:"|05 00 0B|"; content:"|88 D4 81 C6 50 D8 D0 11 8C 52 00 C0 4F D9 0F 7E|"; within:64; flowbits:set, DCERPC.EFSR.Bind; reference:url, github.com/ptresearch/AttackDetection; metadata:Open Ptsecurity.com ruleset; metadata:created_at 2021_07_23, updated_at 2021_11_19; classtype:attempted-admin; sid:10006662; rev:2;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

OpenPtsecurity.com ruleset

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!