alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"P|00|S|00|E|00|X|00|E|00|S|00|V|00|C"; nocase; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; classtype:suspicious-filename-detect; sid:2010781; rev:3; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-10-11 16:36:25 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; classtype:suspicious-filename-detect; sid:2010781; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:03:55 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; classtype:suspicious-filename-detect; sid:2010781; rev:2;)

Added 2011-10-12 19:30:35 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; classtype:suspicious-filename-detect; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; sid:2010781; rev:2;)

Added 2011-09-14 22:43:45 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; classtype:suspicious-filename-detect; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SecTools; sid:2010781; rev:2;)

Added 2011-02-04 17:30:26 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; reference:url,xinn.org/Snort-psexec.html;classtype:suspicious-filename-detect; reference:url,doc.emergingthreats.net/2010781; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SecTools; sid:2010781; rev:2;)

Added 2010-02-08 10:47:13 UTC


alert tcp any any -> $HOME_NET [139,445] (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; reference:url,xinn.org/Snort-psexec.html;classtype:suspicious-filename-detect; reference:url,doc.emergingthreats.net/2010781; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SecTools; sid:2010781; rev:2;)

Added 2010-02-08 10:47:13 UTC


alert tcp any any -> $HOME_NET 139:445 (msg:"ET POLICY PsExec? service created"; flow:to_server,established; content:"|5c 00 50 00 53 00 45 00 58 00 45 00 53 00 56 00 43 00 2e 00 45 00 58 00 45|"; reference:url,xinn.org/Snort-psexec.html;classtype:suspicious-filename-detect; reference:url,doc.emergingthreats.net/2010781; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_SecTools; sid:2010781; rev:2;)

Added 2010-02-08 10:25:55 UTC


Topic revision: r1 - 2017-10-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats