# sid 2009581, rev 4. The rule line starts with '#', so it is shipped disabled and will not
# load until it is uncommented or the sid is enabled in the rule-management tooling.
# Match logic, as written:
#   - Header: TCP from $EXTERNAL_NET to $HOME_NET with both ports limited to 1024:65535.
#     Flows where either port is below 1024 are outside this rule's scope; confirm that
#     this matches the traffic the sensor is expected to cover.
#   - content:"metsrv.dll|00|MZ" is 13 bytes and depth:13 pins it to the first 13 bytes of
#     the payload: the DLL name, a NUL, then the "MZ" that opens a PE image.
#   - The '!' in the second content sits inside the quotes, so it is a literal 0x21 byte,
#     not negation. That string is 40 bytes; distance:75 with within:40 leaves exactly one
#     position for it, 75 bytes after the end of the first match.
#   - flow:established carries no direction keyword; direction comes from the header only.
# The match is on raw payload bytes, so the sensor must see the transfer in cleartext.
# Triage: classtype successful-admin and the msg describe the destination as already
# compromised; handle a hit as a post-exploitation indicator rather than an attempt.
# NOTE(review): metadata created_at 2010_07_30 is later than the earliest "Added" timestamp
# for this sid on this page (2009-07-14); do not read created_at as first-seen.
#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; fast_pattern; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; reference:url,doc.emergingthreats.net/2009581; classtype:successful-admin; sid:2009581; rev:4; metadata:affected_product Any, attack_target Client_and_Server, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, tag Metasploit, signature_severity Critical, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:02:43 UTC


# Disabled (commented-out) rev:4 as listed on 2011-10-12. Header, flow and content options
# are the same as in the 2017 listing of this sid; only the metadata keyword is absent, so
# the set of payloads that would match is unchanged.
#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; fast_pattern; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; reference:url,doc.emergingthreats.net/2009581; classtype:successful-admin; sid:2009581; rev:4;)

Added 2011-10-12 19:27:44 UTC


# Disabled rev:4 as listed on 2011-09-14. It differs from the 2011-10-12 listing only in
# that classtype comes before reference. Neither keyword takes part in payload matching,
# so the reordering does not change what is detected.
#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; fast_pattern; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; sid:2009581; rev:4;)

Added 2011-09-14 22:41:06 UTC


# Disabled rev:4 as listed on 2011-02-04: the earliest entry on this page that is commented
# out, and the first to put fast_pattern on the "metsrv.dll|00|MZ" content. fast_pattern
# nominates that content for the engine's multi-pattern prefilter; the depth/distance/within
# constraints that decide a match are the same as in rev:3.
# NOTE(review): later rev:4 listings drop the cvsweb reference and add a metadata keyword
# without a rev bump, so sid+rev does not pin the exact rule text; compare the full line.
#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; fast_pattern; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2009581; rev:4;)

Added 2011-02-04 17:28:56 UTC


# Active rev:3 (no leading '#'). The text equals the rev:2 listing dated 2009-07-16 except
# for the rev number.
# Byte layout this rule requires in an established $EXTERNAL_NET -> $HOME_NET TCP payload
# (both ports in 1024:65535):
#   payload offset 0..12   "metsrv.dll" + NUL + "MZ"   (13 bytes, fixed by depth:13)
#   payload offset 88..127 0x21 + "This program cannot be run in DOS mode."
#                          (40 bytes; distance:75 + within:40 allow no other position)
# The '!' is inside the quotes and is therefore a literal byte, not content negation.
# NOTE(review): offset 88 is 77 bytes past the 'M' of "MZ", which is where the byte before
# the DOS-stub message falls in a PE with the common 64-byte header plus 14-byte stub code;
# presumably that is why the string starts with '!' -- verify against a sample.
# A PE whose DOS stub is laid out differently would not satisfy the second content.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2009581; rev:3;)

Added 2009-12-21 23:52:13 UTC


# Duplicate listing of active rev:3: the rule text and the "Added" timestamp
# (2009-12-21 23:52:13) are identical to the preceding entry. When copying from this page,
# take only one copy so the sid is not defined twice in a rule file.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2009581; rev:3;)

Added 2009-12-21 23:52:13 UTC


# Active rev:2 as listed on 2009-12-21 11:15:49. Header, flow and content options match the
# other metsrv.dll listings. This copy has no reference keywords, while the rev:2 listing
# dated 2009-07-16 has two, so two different rule texts share sid 2009581 rev:2.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; sid:2009581; rev:2;)

Added 2009-12-21 11:15:49 UTC


# Duplicate listing of the reference-less rev:2: same rule text and same "Added" timestamp
# (2009-12-21 11:15:49) as the preceding entry.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; sid:2009581; rev:2;)

Added 2009-12-21 11:15:49 UTC


# Active rev:2 as listed on 2009-07-16. Relative to the rev:1 metsrv.dll rule it adds two
# reference URLs and bumps rev. Header, flow:established and both content matches are
# unchanged, so it alerts on the same traffic as rev:1.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2009581; rev:2;)

Added 2009-07-16 11:30:36 UTC


# Duplicate listing of rev:2 with references: same rule text and same "Added" timestamp
# (2009-07-16 11:30:36) as the preceding entry.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2009581; rev:2;)

Added 2009-07-16 11:30:36 UTC


# rev:1 of the metsrv.dll signature (listed 2009-07-14 13:39:11). It requires
# "metsrv.dll|00|MZ" in the first 13 payload bytes, then the literal byte '!' (inside the
# quotes, so not negation) followed by the DOS-stub message exactly 75 bytes later.
# It replaces the "stdapi_fs_stat" rule listed about three hours earlier, which also
# carries sid:2009581 rev:1; sid and rev alone do not tell the two apart.
alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"metsrv.dll|00|MZ"; depth:13; content:"!This program cannot be run in DOS mode."; distance:75; within:40; classtype:successful-admin; sid:2009581; rev:1;)

Added 2009-07-14 13:39:11 UTC


# Earliest listing for sid 2009581 (2009-07-14 10:30:36), and a different signature from
# every later entry: any ports, flow:to_client,established, a single content
# "stdapi_fs_stat" required within the first 54 payload bytes, and classtype successful-user.
# NOTE(review): the sid was reused for the metsrv.dll rule the same day, with rev still 1.
# When correlating old alerts or suppressions by sid 2009581, check the msg text to see
# which signature produced them.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Metasploit Meterpreter File Download Detected"; flow:to_client,established; content:"stdapi_fs_stat"; depth:54; classtype:successful-user; reference:url,www.nologin.org/Downloads/Papers/meterpreter.pdf; sid:2009581; rev:1;)

Added 2009-07-14 10:30:36 UTC

