ET MALWARE Possible Net Crawler SMB Share Access unicode (Operation Cleaver)

SID: 2019929Rev: 10 viewsHistory

Sourceet/open

CreatedDecember 13, 2014

UpdatedJuly 26, 2019

Classificationtrojan-activity

alert tcp any any -> any [139,445] (msg:"ET MALWARE Possible Net Crawler SMB Share Access unicode (Operation Cleaver)"; flow:established,to_server; content:"|FF|SMB"; offset:4; depth:4; byte_test:1,!&,0x80,6,relative; content:"|00|_|00|A|00|u|00|t|00|o|00|S|00|h|00|a|00|r|00|e|00|$"; distance:0; reference:md5,8994e16b14cde144a9cebdff685d8676; reference:url,www0.cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf; classtype:trojan-activity; sid:2019929; rev:1; metadata:created_at 2014_12_13, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

md5	8994e16b14cde144a9cebdff685d8676 Google Search Brave Search
url	www0.cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf

Metadata

created at2014_12_13

confidenceMedium

signature severityMajor

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!