""ET INFO Microsoft cmd.exe Banner Output - Decimal Encoded""
SID: 2040360
Revision: 1
Class Type: misc-activity
Metadata: attack_target Client_and_Server, created_at 2022_11_29, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2022_11_29
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "77 105 99 114 111 115 111 102 116 32 87 105 110 100 111 119 115 32"
-
Value: "40 99 41 32 77 105 99 114 111 115 111 102 116 32 67 111 114 112 111 114 97 116 105 111 110 46 32 65 108 108 32 114 105 103 104 116 115 32 114 101 115 101 114 118 101 100 46"
Within:
PCRE:
Special Options:
- fast_pattern