ET SCADA [nsacyber/ELITEWOLF] Schweitzer Engineering Laboratories SEL FTP Server Activity - Change working directory 2701

7.0.35.0SID: 2048670Rev: 2Enabled11 views
Sourceet/open
Fileemerging-scada.rules
CreatedOctober 19, 2023
UpdatedMarch 8, 2024
Classificationmisc-activity
alert tcp-pkt any any -> $HOME_NET 21 (msg:"ET SCADA [nsacyber/ELITEWOLF] Schweitzer Engineering Laboratories SEL FTP Server Activity - Change working directory 2701"; flow:established,to_server; content:"CWD|20|"; content:"SEL-2701"; within:10; fast_pattern; reference:url,github.com/nsacyber/ELITEWOLF; classtype:misc-activity; sid:2048670; rev:2; metadata:affected_product Schweitzer_Engineering_Laboratories_SEL_Series, attack_target ICS, created_at 2023_10_19, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Minor, updated_at 2024_03_08, reviewed_at 2024_10_02; target:src_ip;)

Metadata

affected productSchweitzer_Engineering_Laboratories_SEL_Series
attack targetICS
created at2023_10_19
deploymentInternal
performance impactLow
confidenceHigh
signature severityMinor
updated at2024_03_08
reviewed at2024_10_02

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!