""ET INFO Possible Microsoft OMI Agent Default TLS Certificate Observed""
SID: 2033955
Revision: 2
Class Type: bad-unknown
Metadata: attack_target Server, created_at 2021_09_15, cve CVE_2021_38647, deployment Perimeter, deployment Internet, signature_severity Informational, updated_at 2021_09_15
Reference:
Protocol: tcp
Source Network: any
Source Port: [5986,5985,1270]
Destination Network: any
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|16|"
-
Value: "|0b|"
-
Value: "|06 03 55 04 03|"
-
Value: ".cloudapp.net"
-
Value: "|06 03 55 04 03|"
-
Value: ".cloudapp.net"
Within: 8
PCRE:
Special Options: