alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|"; distance:0; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; classtype:successful-admin; sid:2008953; rev:9;)

Added 2011-10-12 19:26:18 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; sid:2008953; rev:9;)

Added 2011-09-14 22:39:42 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:9;)

Added 2011-04-17 00:53:50 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:8;)

Added 2011-02-04 17:28:11 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:8;)

Added 2010-06-15 13:15:59 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:8;)

Added 2010-06-15 13:15:59 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:7;)

Added 2009-02-07 10:30:23 UTC


alert tcp $HOME_NET any -> any any (msg:"ET ATTACK RESPONSE Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:7;)

Added 2009-02-07 10:30:23 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:6;)

Added 2009-02-06 20:53:12 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C|3a 5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:6;)

Added 2009-02-06 20:53:12 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:5;)

Added 2009-02-06 19:00:55 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; reference:url,doc.emergingthreats.net/bin/view/Main/2008953; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Windows_Shell; sid:2008953; rev:5;)

Added 2009-02-06 19:00:55 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:4;)

Added 2008-12-31 11:00:23 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp"; distance:0; content:"|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:4;)

Added 2008-12-31 11:00:23 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:3;)

Added 2008-12-30 15:51:29 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:3;)

Added 2008-12-30 15:51:29 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established,to_client; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:2;)

Added 2008-12-30 14:37:06 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established,to_client; dsize:<110; content:"Microsoft Windows "; depth:20; content:"Copyright 1985-20"; distance:0; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|"; distance:0; classtype:successful-admin; sid:2008953; rev:2;)

Added 2008-12-30 14:37:06 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established,to_client; dsize:<110; content:"Microsoft Windows 2000 [Version 5."; depth:34; content:"|0a|(C) Copyright 1985-20"; distance:5; within:35; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|System32>"; distance:0; classtype:successful-admin; sid:2008953; rev:1;)

Added 2008-12-30 11:30:21 UTC


alert tcp $HOME_NET any -> any any (msg:"ET POLICY Possible MS CMD Shell opened on local system"; flow:established,to_client; dsize:<110; content:"Microsoft Windows 2000 [Version 5."; depth:34; content:"|0a|(C) Copyright 1985-20"; distance:5; within:35; content:"Microsoft Corp.|0a 0a|C\:|5c|WINDOWS|5c|System32>"; distance:0; classtype:successful-admin; sid:2008953; rev:1;)

Added 2008-12-30 11:26:07 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats