"ET POLICY SMB Remote AT Scheduled Job Pipe Creation"
SID: 2025714
Revision: 2
Class Type: bad-unknown
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target SMB_Client, created_at 2018_07_16, deployment Internal, signature_severity Minor, updated_at 2018_07_16
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: 445
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
- Value: "SMB" Depth: 8
- Value: "\PIPE\atsvc|00|"
Within:
PCRE:
Special Options: