""ET NETBIOS PolarisOffice Insecure Library Loading - SMB Unicode""
SID: 2025791
Revision: 2
Class Type: attempted-user
Metadata: attack_target Client_Endpoint, created_at 2018_07_06, cve CVE_2018_12589, deployment Perimeter, updated_at 2021_09_09
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: [445,139]
Destination Network: any
Destination Port: any
Flow: from_server
Contents:
-
Value: "SMB" Depth: 5 Offset: 4
-
Value: "p|00|u|00|i|00|f|00|r|00|a|00|m|00|e|00|w|00|o|00|r|00|k|00|p|00|r|00|o|00|r|00|e|00|s|00|e|00|n|00|u|00 2E 00|d|00|l|00|l|00|"
Within:
PCRE:
Special Options:
- nocase