#alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:6; metadata:created_at 2014_03_25, deprecation_reason Age, former_category EXPLOIT, confidence High, updated_at 2014_03_25;)

Added 2023-01-19 17:27:17 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:5; metadata:created_at 2014_03_25, former_category CURRENT_EVENTS, updated_at 2014_03_25;)

Added 2021-09-21 19:59:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:5; metadata:created_at 2014_03_24, former_category CURRENT_EVENTS, updated_at 2014_03_24;)

Added 2020-08-05 19:09:43 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET EXPLOIT Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; metadata: former_category CURRENT_EVENTS; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:5; metadata:created_at 2014_03_24, updated_at 2014_03_24;)

Added 2019-08-16 19:27:08 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:4; metadata:created_at 2014_03_24, updated_at 2014_03_24;)

Added 2018-09-13 19:48:37 UTC


Added 2018-09-13 17:58:34 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:4; metadata:created_at 2014_03_24, updated_at 2014_03_24;)

Added 2017-08-07 21:12:22 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET [25,587] (msg:"ET CURRENT_EVENTS Possible CVE-2014-1761 Inbound SMTP 6"; flow:from_client,established; content:"cdS01NT"; fast_pattern; pcre:"/^(?:.*?(?:XHUtNTU0|cdS01NT|x1LTU1N)){7}/Rs"; reference:cve,2014-1761; reference:url,blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx; classtype:attempted-user; sid:2018312; rev:4;)

Added 2014-03-24 20:26:48 UTC


Topic revision: r1 - 2023-01-19 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats