ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Technique)

7.0.35.0SID: 2015996Rev: 4Enabled2 views
Sourceet/open
Fileemerging-exploit.rules
CreatedDecember 6, 2012
UpdatedMarch 6, 2024
Classificationattempted-user
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Technique)"; flow:established,to_server; content:"|03|"; offset:3; depth:4; content:"INSERT INTO"; nocase; distance:0; content:"#pragma namespace("; nocase; distance:0; content:"|5c 5c 5c|.|5c 5c 5c 5c|root|5c 5c 5c 5c|"; nocase; distance:0; content:"__EventFilter"; nocase; distance:0; content:" __InstanceModificationEvent"; nocase; distance:0; content:"TargetInstance"; nocase; distance:0; content:"Win32_LocalTime"; nocase; distance:0; content:"ActiveScriptEventConsumer"; nocase; distance:0; content:"JScript"; nocase; distance:0; content:"WScript.Shell"; nocase; distance:0; content:"WSH.run"; nocase; distance:0; content:".exe"; distance:0; content:"__FilterToConsumerBinding"; pcre:"/WSH\.run\x28\x5c+?[\x22\x27][a-z0-9_-]+?\.exe/"; reference:url,seclists.org/fulldisclosure/2012/Dec/att-13/; classtype:attempted-user; sid:2015996; rev:4; metadata:created_at 2012_12_06, signature_severity Major, updated_at 2024_03_06;)

Metadata

created at2012_12_06
signature severityMajor
updated at2024_03_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!