ET INFO Explorer Shell CLSID COM Object Call Method Inbound via TCP

SID: 2027201Rev: 40 views
History
Sourceet/open
CreatedApril 15, 2019
UpdatedMay 25, 2023
Classificationmisc-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Explorer Shell CLSID COM Object Call Method Inbound via TCP"; flow:established,to_client; content:"explorer.exe|20|"; nocase; content:"shell|3a 3a 3a 7b|"; within:20; fast_pattern; pcre:"/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]\x7d/Ri"; classtype:misc-activity; sid:2027201; rev:4; metadata:attack_target Client_Endpoint, created_at 2019_04_15, deployment Perimeter, performance_impact Low, confidence High, signature_severity Informational, updated_at 2023_05_25; target:dest_ip;)

Metadata

attack targetClient_Endpoint
created at2019_04_15
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityInformational
updated at2023_05_25

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!