ATTACK [PTsecurity] EFSR /efsrpc Bind

SID: 10006663Rev: 20 views
Sourceptresearch/attackdetection
CreatedJuly 23, 2021
UpdatedNovember 19, 2021
Classificationattempted-admin
alert tcp-pkt any any -> any any (msg:"ATTACK [PTsecurity] EFSR /efsrpc Bind"; flow:established, to_server; content:"|05 00 0B|"; content:"|C5 41 19 DF 89 FE 79 4E BF 10 46 36 57 AC F4 4D|"; within:64; flowbits:set, DCERPC.EFSR.Bind; reference:url, github.com/ptresearch/AttackDetection; metadata:Open Ptsecurity.com ruleset; metadata:created_at 2021_07_23, updated_at 2021_11_19; classtype:attempted-admin; sid:10006663; rev:2;)

References

urlgithub.com/ptresearch/AttackDetection

Metadata

OpenPtsecurity.com ruleset

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!