#alert tcp any any -> $HOME_NET 3389 (msg:"ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|7f 65 82 01 94|"; distance:24; within:5; content:"|30 19|"; distance:9; within:2; byte_test:1,<,6,3,relative; reference:url,msdn.microsoft.com/en-us/library/cc240836.aspx; reference:cve,2012-0002; classtype:attempted-admin; sid:2014383; rev:2; metadata:created_at 2012_03_13, updated_at 2012_03_13;)

Added 2018-01-18 16:49:05 UTC

#alert tcp any any -> $HOME_NET 3389 (msg:"ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|7f 65 82 01 94|"; distance:24; within:5; content:"|30 19|"; distance:9; within:2; byte_test:1,<,6,3,relative; reference:url,msdn.microsoft.com/en-us/library/cc240836.aspx; reference:cve,2012-0002; classtype:attempted-admin; sid:2014383; rev:2; metadata:created_at 2012_03_13, updated_at 2012_03_13;)

Added 2018-01-18 16:31:50 UTC

alert tcp any any -> $HOME_NET 3389 (msg:"ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|7f 65 82 01 94|"; distance:24; within:5; content:"|30 19|"; distance:9; within:2; byte_test:1,<,6,3,relative; reference:url,msdn.microsoft.com/en-us/library/cc240836.aspx; reference:cve,2012-0002; classtype:attempted-admin; sid:2014383; rev:2; metadata:created_at 2012_03_13, updated_at 2012_03_13;)

Added 2017-08-07 21:07:46 UTC

alert tcp any any -> $HOME_NET 3389 (msg:"ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|7f 65 82 01 94|"; distance:24; within:5; content:"|30 19|"; distance:9; within:2; byte_test:1,<,6,3,relative; reference:url,msdn.microsoft.com/en-us/library/cc240836.aspx; reference:cve,2012-0002; classtype:attempted-admin; sid:2014383; rev:2;)

Added 2012-03-14 18:30:59 UTC