"ET POLICY Outbound MSSQL Connection to Non-Standard Port - Likely Malware"
SID: 2013409
Revision: 3
Class Type: bad-unknown
Metadata: created_at 2011_08_16, updated_at 2012_01_04
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: !1433
Flow: to_server,established
Contents:
-
Value: "|12 01 00|" Depth: 3
-
Value: "|00 00 00 00 00 00 15 00 06 01 00 1b 00 01 02 00 1c 00|"
-
Value: "|03 00|"
-
Value: "|00 04 ff 08 00 01 55 00 00 00|"
Within: 10
PCRE:
Special Options: