"ET INFO ScreenConnect/ConnectWise Initial Checkin Packet M3"
SID: 2048143
Revision: 1
Class Type: misc-activity
Metadata: attack_target Client_Endpoint, created_at 2023_09_21, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Informational, tag RemoteAccessTool, updated_at 2023_09_21, reviewed_at 2023_09_21
Reference:
- md5: 2a90199b9386d9aafbab41a7972398c9
Protocol: tcp
Source Network: [$HOME_NET,$HTTP_SERVERS]
Source Port: any
Destination Network: any
Destination Port: any
Flow:
Contents:
- Value: "|87 12 10 00 00 00 00 00 00 00 00 00 00 00 00 00|" Depth: 16
- Value: "|01|"
- Value: "|01|" Within: 1
PCRE:
Special Options:
- fast_pattern