"ET INFO Possible Microsoft OMI Agent Default TLS Certificate Observed"

SID: 2033955

Revision: 2

Class Type: bad-unknown

Metadata: attack_target Server, created_at 2021_09_15, cve CVE_2021_38647, deployment Perimeter, deployment Internet, signature_severity Informational, updated_at 2021_09_15

Reference:

Protocol: tcp

Source Network: any

Source Port: [5986,5985,1270]

Destination Network: any

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "|16|"

  • Value: "|0b|"

  • Value: "|06 03 55 04 03|"

  • Value: ".cloudapp.net"

  • Value: "|06 03 55 04 03|"

  • Value: ".cloudapp.net"

Within: 8

PCRE:

Special Options:
