Stamus Networks MS-RPRN service - RpcStartDocPrinter - Suricata Rule 3115526 (stamus/lateral)

Stamus Networks MS-RPRN service - RpcStartDocPrinter

SID: 3115526Rev: 40 viewsHistory

Sourcestamus/lateral

CreatedApril 3, 2022

UpdatedAugust 5, 2024

alert smb any any -> $HOME_NET any (msg:"Stamus Networks MS-RPRN service - RpcStartDocPrinter"; flow:to_server, established; dcerpc.iface:12345678-1234-ABCD-EF00-0123456789AB; dcerpc.opnum:17; flowbits:set,stamus.rprn.service.RpcStartDocPrinter; metadata:lateral_key dcerpc.iface, lateral_function RpcStartDocPrinter, lateral_asset src_ip, stamus_classification lateral, provider Stamus, created_at 2022_04_03, updated_at 2024_08_05, source smb_lateral, signature_severity Informational; target:dest_ip; sid:3115526; rev:4; reference:url,https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/848b8334-134a-4d02-aea4-03b673d6c515; reference:url,https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata; reference:url,https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata;)

References

url	https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rprn/848b8334-134a-4d02-aea4-03b673d6c515
url	https://www.stamus-networks.com/blog/new-open-ruleset-for-detecting-lateral-movement-with-suricata
url	https://www.stamus-networks.com/blog/threat-hunting-with-the-open-lateral-movement-ruleset-for-suricata

Metadata

lateral keydcerpc.iface

lateral functionRpcStartDocPrinter

lateral assetsrc_ip

stamus classificationlateral

providerStamus

created at2022_04_03

updated at2024_08_05

sourcesmb_lateral

signature severityInformational

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!