# sid:2027369 rev:3 — ET/NCC Group signature for CVE-2019-0708 (RDP, tcp/3389).
# Fires on an established client->server RDP stream whose MCS Connect Initial carries a
# static virtual channel named "MS_T120"; the NCC Group reference treats a client
# requesting that channel name as the exploitation indicator.
# Match chain — every content after the first is anchored relative to the previous match
# (distance = gap after the previous match, within = window in which it must appear):
#   |03 00|                 offset 0, depth 2           - TPKT header (version 3, reserved 0)
#   |02 f0|                 distance 2, within 2        - X.224 Data TPDU (len 02, code f0)
#   |00 05 00 14 7c 00 01|  within 512                  - T.124 object id (GCC Conference Create Request)
#   |03 c0|                 distance 3, within 384      - client network data block header (0xC003, little-endian)
#   MS_T120|00|             distance 6, within 372      - channel definition name, case-insensitive, fast_pattern
# Byte interpretations above follow RFC 1006 / MS-RDPBCGR; the rule itself only matches the bytes.
# Change vs rev:2 on this page: "nocase" added to the MS_T120 match, nothing else.
# Operational notes:
#   - "any any -> any 3389" with flow:to_server matches internal-to-internal sessions as well as
#     perimeter-inbound ones, so internal hits can indicate lateral movement rather than Internet exposure.
#   - threshold type limit, track by_src, count 2, seconds 600: at most two alerts per source per
#     10 minutes; the alert count is therefore not a count of attempts.
#   - NOTE(review): if the session negotiates TLS/CredSSP security, the MCS Connect Initial is carried
#     inside TLS and this plaintext content match cannot see it — confirm against the monitored hosts'
#     RDP security layer before relying on this rule as sole coverage.
alert tcp any any -> any 3389 (msg:"ET EXPLOIT [NCC GROUP] Possible Inbound RDP Exploitation Attempt (CVE-2019-0708)"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|02 f0|"; distance:2; within:2; content:"|00 05 00 14 7c 00 01|"; within:512; content:"|03 c0|"; distance:3; within:384; content:"MS_T120|00|"; distance:6; within:372; nocase; fast_pattern; threshold: type limit, track by_src, count 2, seconds 600; metadata: former_category EXPLOIT; reference:cve,2019,0708; reference:url,portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708; reference:url,github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt; classtype:attempted-admin; sid:2027369; rev:3; metadata:attack_target Client_and_Server, deployment Perimeter, deployment Internet, deployment Internal, signature_severity Major, created_at 2019_05_21, updated_at 2019_05_21;)

Added 2019-05-21 17:53:54 UTC


# sid:2027369 rev:2 — earlier revision of the same CVE-2019-0708 RDP signature.
# Identical match chain to rev:3 (TPKT |03 00|, X.224 |02 f0|, T.124 object id, |03 c0| network
# data block header, then the "MS_T120|00|" channel name), but the MS_T120 match is
# case-sensitive here: rev:3 adds "nocase" and is otherwise byte-for-byte the same rule.
# Same threshold (limit, 2 per source per 600 s) and same any->any:3389 scope, so the
# operational caveats are the same: internal hits are possible, alert count != attempt count,
# and a TLS/CredSSP-protected session hides the MCS Connect Initial from this plaintext match.
# Superseded by rev:3 above; keep only one revision loaded to avoid duplicate-sid errors.
alert tcp any any -> any 3389 (msg:"ET EXPLOIT [NCC GROUP] Possible Inbound RDP Exploitation Attempt (CVE-2019-0708)"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|02 f0|"; distance:2; within:2; content:"|00 05 00 14 7c 00 01|"; within:512; content:"|03 c0|"; distance:3; within:384; content:"MS_T120|00|"; distance:6; within:372; fast_pattern; threshold: type limit, track by_src, count 2, seconds 600; metadata: former_category EXPLOIT; reference:cve,2019,0708; reference:url,portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708; reference:url,github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt; classtype:attempted-admin; sid:2027369; rev:2; metadata:attack_target Client_and_Server, deployment Perimeter, deployment Internet, deployment Internal, signature_severity Major, created_at 2019_05_21, updated_at 2019_05_21;)

Added 2019-05-21 10:55:21 UTC

