Emerging Threatmediumtest

SSHD Error Message CVE-2018-15473

Detects exploitation attempt using public exploit code for CVE-2018-15473

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Florian Roth (Nextron Systems)Created Thu Aug 24Updated Sat Nov 274c9d903d-4939-4094-ade0-3cb748f4d7da2018

Emerging Threat

Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source

Linuxsshd

ProductLinux← raw: linux

Servicesshd← raw: sshd

Detection Logic

detection:
    keywords:
        - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]'
    condition: keywords

False Positives

Unknown

False positive likelihood has not been assessed. Additional context may be needed during triage.

References

MITRE ATT&CK

Tactics

Techniques

Other

cve.2018-15473detection.emerging-threats

Rule Metadata

Rule ID

4c9d903d-4939-4094-ade0-3cb748f4d7da

Status

test

Level

medium

Type

Emerging Threat

Created

Thu Aug 24

Modified

Sat Nov 27

Author

Path

rules-emerging-threats/2018/Exploits/CVE-2018-15473/lnx_sshd_exploit_cve_2018_15473.yml

Raw Tags

attack.reconnaissanceattack.t1589cve.2018-15473detection.emerging-threats