BIOC-POC-CVE-2024-49112.bioc
672d00edeebccc93235f23039a2f550a
[{"rule_id":412,"global_rule_id":"NO_ID","mssp_global_rule_id":null,"insert_time":1735829023643,"modify_time":1735829115651,"severity":"SEV_040_HIGH","source":"frank.bussink@swissexpertgroup.com","comment":"detection of early signs of POC CVE-2024-49112\nVulnerability is in LDAP not in RPC\nhttps:\/\/github.com\/SafeBreach-Labs\/CVE-2024-49112","status":"ENABLED","category":"TAMPERING","indicator":null,"indicator_md5":"3e0d65028d4fe580f8b3dfd75b811884","indicator_text":"dataset = xdr_data \r\n| filter event_type = ENUM.RPC_CALL \r\n| filter (event_rpc_interface_uuid = \"{12345678-1234-ABCD-EF00-01234567CFFB}\" )\r\n|filter (event_rpc_func_opnum = 34)","name":"BIOC-POC-CVE-2024-49112","mitre_technique_id_and_name":"T1498 - Network Denial of Service","mitre_tactic_id_and_name":"","mitre_tactic_id":"","mitre_technique_id":"T1498","btp_rule":null,"btp_rule_name":null,"is_preventable":0,"supported_os":0,"btp_validation_error":"UNSUPPORTED_XQL","xql":"{\"stages\":[{\"FILTER\":{\"filter\":{\"OR\":[{\"LEFT\":\"$event_type\",\"OPERATOR\":\"EQ\",\"RIGHT\":\"$ENUM.RPC_CALL\",\"FILTER_DIALECT\":\"EXTENDED_FILTER_OBJ\"}]}}},{\"FILTER\":{\"filter\":{\"OR\":[{\"LEFT\":\"$event_rpc_interface_uuid\",\"OPERATOR\":\"EQ\",\"RIGHT\":\"{12345678-1234-ABCD-EF00-01234567CFFB}\",\"FILTER_DIALECT\":\"EXTENDED_FILTER_OBJ\"}]}}},{\"FILTER\":{\"filter\":{\"OR\":[{\"LEFT\":\"$event_rpc_func_opnum\",\"OPERATOR\":\"EQ\",\"RIGHT\":34,\"FILTER_DIALECT\":\"EXTENDED_FILTER_OBJ\"}]}}}],\"original_query\":null,\"tables\":[\"xdr_data\"]}","is_xql":true,"query_tables":"[\"xdr_data\"]","rule_indicator_last_modified_ts":1735829023643,"status_changed_by":null,"status_changed_at":null,"last_status_change_reason":null}]