""ET TROJAN Possible Net Crawler SMB Share Access unicode (Operation Cleaver)""
SID: 2019929
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2014_12_13, updated_at 2014_12_13
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: [139,445]
Flow: established,to_server
Contents:
-
Value: "|FF|SMB" Depth: 4 Offset: 4
-
Value: "|00|_|00|A|00|u|00|t|00|o|00|S|00|h|00|a|00|r|00|e|00|$"
Within:
PCRE:
Special Options: