Back to Rule

Rule History

SID: 2011526 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 1Sep 27, 2010, 12:00 PM

ET NETBIOS windows recycler request - suspicious

alert tcp any any -> $HOME_NET [139,445] (msg:"ET NETBIOS windows recycler request - suspicious"; flow:to_server,established; content:"|00 00 5C 00 72 00 65 00 63 00 79 00 63 00 6C 00 65 00 72 00 5C|"; reference:url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC; reference:url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe; reference:url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FFakerecy.A; reference:url,support.microsoft.com/kb/971029; classtype:suspicious-filename-detect; sid:2011526; rev:1; metadata:created_at 2010_09_27, confidence High, signature_severity Informational, updated_at 2019_07_26;)

Sep 27, 2010, 12:00 PM

Jul 26, 2019, 12:00 PM

Sep 21, 2024, 3:00 AM

May 30, 2025, 12:04 AM

rules/emerging-netbios.rules