ET NETBIOS windows recycler .exe request - suspicious - Suricata Rule 2011527 (et/open)

ET NETBIOS windows recycler .exe request - suspicious

SID: 2011527Rev: 40 viewsHistory

Sourceet/open

CreatedSeptember 27, 2010

UpdatedJuly 26, 2019

Classificationsuspicious-filename-detect

alert tcp any any -> $HOME_NET [139,445] (msg:"ET NETBIOS windows recycler .exe request - suspicious"; flow:to_server,established; content:"|00 00 5C 00 72 00 65 00 63 00 79 00 63 00 6C 00 65 00 72 00 5C|"; content:"|00 2E 00 65 00 78 00 65|"; distance:0; reference:url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC; reference:url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe; classtype:suspicious-filename-detect; sid:2011527; rev:4; metadata:created_at 2010_09_27, confidence High, signature_severity Informational, updated_at 2019_07_26;)

References

url	about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC
url	www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe

Metadata

created at2010_09_27

confidenceHigh

signature severityInformational

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!