ATTACK [PTsecurity] Samba RCE exploitation attempt (SambaCry)

SID: 10001356Rev: 837 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert smb any any -> any any (msg:"ATTACK [PTsecurity] Samba RCE exploitation attempt (SambaCry)"; flow:to_server, established, no_stream; content:"|ff 53 4d 42 a2|"; offset:4; depth:5; byte_extract:2, 85, name_length, little; content:"|2f|"; within:name_length; pcre:"/(?:\.\x00s\x00o\x00|\.so\x00)(?:$|[^b])/Ri"; threshold:type limit, track by_src, count 1, seconds 30; reference:cve, 2017-7494; reference:url, www.samba.org/samba/security/CVE-2017-7494.html; reference:url, thehackernews.com/2017/05/samba-rce-exploit.html; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10001356; rev:8;)

References

cve2017-7494
urlwww.samba.org/samba/security/CVE-2017-7494.html
urlthehackernews.com/2017/05/samba-rce-exploit.html
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!