ET HUNTING Microsoft cmd.exe Banner Output - Decimal Encoded
Source: et/open
Created: November 29, 2022
Updated: November 29, 2022
Classification: misc-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Microsoft cmd.exe Banner Output - Decimal Encoded"; flow:established,to_server; content:"77 105 99 114 111 115 111 102 116 32 87 105 110 100 111 119 115 32"; fast_pattern; content:"40 99 41 32 77 105 99 114 111 115 111 102 116 32 67 111 114 112 111 114 97 116 105 111 110 46 32 65 108 108 32 114 105 103 104 116 115 32 114 101 115 101 114 118 101 100 46"; distance:0; classtype:misc-activity; sid:2040360; rev:1; metadata:attack_target Client_and_Server, created_at 2022_11_29, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_11_29;)
Metadata
attack target: Client_and_Server
created at: 2022_11_29
deployment: Perimeter
performance impact: Low
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2022_11_29