Et rule 2025650 - Magic-SigExplorer

""ET EXPLOIT ETERNALBLUE Probe Vulnerable System Response MS17-010""

SID: 2025650

Revision: 3

Class Type: trojan-activity

Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_07_11, deployment Internal, signature_severity Major, tag Metasploit, tag ETERNALBLUE, updated_at 2018_08_15

Reference:

Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: any

Destination Port: any

Flow: from_server,established

Contents:

Value: "|ff|SMB|25 05 02 00 c0 98 01|" Depth: 11 Offset: 4
Value: "|00 00 00 00 00 00 00 00 00 00|"
Value: "|00 00 00|"

Within: 3

PCRE:

Special Options:

source