ET REMOTE_ACCESS ScreenConnect/ConnectWise Initial Checkin Packet M2
Sourceet/open
Fileemerging-remote_access.rules
CreatedSeptember 13, 2023
UpdatedJune 10, 2024
Classificationmisc-activity
alert tcp [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET REMOTE_ACCESS ScreenConnect/ConnectWise Initial Checkin Packet M2"; dsize:<600; content:"|87 1C 10 00 00 00 00 00 00 00 00 00 00 00 00 00|"; startswith; fast_pattern; reference:url,community.emergingthreats.net/t/update-new-rule-needed-for-screenconnect-sid-2036627/938 ; classtype:misc-activity; sid:2048051; rev:4; metadata:attack_target Client_Endpoint, created_at 2023_09_13, deployment Perimeter, deployment Internal, former_category INFO, performance_impact Low, confidence High, signature_severity Informational, tag RemoteAccessTool, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_10;)
References
Metadata
attack targetClient_Endpoint
created at2023_09_13
deploymentInternal
former categoryINFO
performance impactLow
confidenceHigh
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_06_10
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!