""ET TROJAN Possible Net Crawler SMB Share Access ascii (Operation Cleaver)""
SID: 2019930
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2014_12_13, updated_at 2014_12_13
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: [139,445]
Flow: established,to_server
Contents:
-
Value: "|FF|SMB" Depth: 4 Offset: 4
-
Value: "_AutoShare$"
Within:
PCRE:
Special Options: