Rule History

SID: 2040360 • Source: et/open

Versions (3)

Version Details (Current)

Rev: 1 • Nov 29, 2022, 12:00 PM

ET HUNTING Microsoft cmd.exe Banner Output - Decimal Encoded

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Microsoft cmd.exe Banner Output - Decimal Encoded"; flow:established,to_server; content:"77 105 99 114 111 115 111 102 116 32 87 105 110 100 111 119 115 32"; fast_pattern; content:"40 99 41 32 77 105 99 114 111 115 111 102 116 32 67 111 114 112 111 114 97 116 105 111 110 46 32 65 108 108 32 114 105 103 104 116 115 32 114 101 115 101 114 118 101 100 46"; distance:0; classtype:misc-activity; sid:2040360; rev:1; metadata:attack_target Client_and_Server, created_at 2022_11_29, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_11_29;)

Nov 29, 2022, 12:00 PM

Nov 29, 2022, 12:00 PM

Nov 29, 2022, 11:00 PM

Aug 27, 2025, 9:35 PM

rules/emerging-hunting.rules