#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; reference:url,doc.emergingthreats.net/2010454; classtype:successful-admin; sid:2010454; rev:3; metadata:affected_product Any, attack_target Client_and_Server, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, tag Metasploit, signature_severity Critical, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:03:34 UTC


#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; fast_pattern:only; reference:url,doc.emergingthreats.net/2010454; classtype:successful-admin; sid:2010454; rev:4;)

Added 2011-10-12 19:29:48 UTC


#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; fast_pattern:only; classtype:successful-admin; reference:url,doc.emergingthreats.net/2010454; sid:2010454; rev:4;)

Added 2011-09-14 22:43:01 UTC


#alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; fast_pattern:only; classtype:successful-admin; reference:url,doc.emergingthreats.net/2010454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2010454; rev:4;)

Added 2011-02-04 17:30:00 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; reference:url,doc.emergingthreats.net/2010454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2010454; rev:3;)

Added 2009-12-21 23:52:13 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; reference:url,doc.emergingthreats.net/2010454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2010454; rev:3;)

Added 2009-12-21 23:52:13 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; sid:2010454; rev:2;)

Added 2009-12-21 11:15:49 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; sid:2010454; rev:2;)

Added 2009-12-21 11:15:49 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2010454; rev:2;)

Added 2009-12-16 09:00:48 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter; sid:2010454; rev:2;)

Added 2009-12-16 09:00:48 UTC


alert tcp $EXTERNAL_NET 1024:65535 -> $HOME_NET 1024:65535 (msg:"ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host"; flow:established; content:"|40 00 41 00 42 0043 00 44 00 6d 65 74 73 72 76 2e 64 6c 6c 00 49 6e 69 74 00 5f 52 65 66 6c 65 63 74 69 76 65 4c 6f 61|"; classtype:successful-admin; reference:url,doc.emergingthreats.net/2009581; sid:2010454; rev:1;)

Added 2009-12-09 11:52:56 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats