""ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system 2""

SID: 2018392

Revision: 1

Class Type: successful-admin

Metadata: created_at 2014_04_16, updated_at 2023_04_12

Reference:

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: any

Destination Port: any

Flow:

Contents:

  • Value: "Microsoft Windows " Depth: 40

  • Value: "[Version"

  • Value: "Copyright (c) 2009"

  • Value: "Microsoft Corp"

Within: 10

PCRE:

Special Options:
