"ET EXPLOIT Pwdump4 Session Established GetHash port 445"

SID: 2001754

Revision: 5

Class Type: suspicious-login

Metadata: created_at 2010_07_30, updated_at 2010_11_04

Reference:

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: 445

Flow: to_server,established

Contents:

  • Value: "|50 57 44 75 6d 70 34 2e 64 6c 6c 00 47 65 74 48 61 73 68|"

Within:

PCRE:

Special Options:
