Et rule 2034818 - Magic-SigExplorer

""ET POLICY Serialized Java Object returned via LDAPv3 Response""

SID: 2034818

Revision: 2

Class Type: bad-unknown

Metadata: attack_target Client_and_Server, created_at 2021_12_21, cve CVE_2021_44228, deployment Perimeter, deployment Internal, signature_severity Informational, updated_at 2021_12_21

Reference:

cve
2021-44228

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

Value: "|30|" Depth: 1
Value: "|04 0d|javaClassName"
Value: "|04 12|javaSerializedData"
Value: "|ac ed|"

Within: 10

PCRE:

Special Options:

fast_pattern

source