""ET EXPLOIT [PwnedPiper] Exploitation Attempt - Small Malformed Translogic Packet (Multiple CVEs)""

SID: 2033661

Revision: 1

Class Type: attempted-admin

Metadata: attack_target Server, created_at 2021_08_03, cve CVE_2021_37162, deployment Perimeter, deployment Internal, signature_severity Major, tag Exploit, updated_at 2021_08_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application

Reference:

  • cve

  • 2021-37161

Protocol: udp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: 12345

Flow:

Contents:

  • Value: "TLPU" Depth: 4

  • Value: "|00 00 00 01|"

Within: 4

PCRE:

Special Options:

  • fast_pattern

source