Signature Detail

Short Name	SHELLCODE:X86:WIN-SHELL-XPFW
Severity	Critical
Recommended	Yes
Recommended Action	Drop
Category	SHELLCODE
Keywords	SHELLCODE: Windows Disable Windows ICF Bind TCP Shell Metasploit Payload
Release Date	2014/08/27
Update Number	2413
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SHELLCODE: Windows Disable Windows ICF Bind TCP Shell Metasploit Payload

This signature detects shellcode designed to disable windows ICF and spawn a command shell on connect with a configurable port. Attempts to execute such shellcode indicate malicious activity.

References

URL: http://www.rapid7.com/db/modules/payload/windows/shell_bind_tcp_xpfw

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

SHELLCODE: Windows Disable Windows ICF Bind TCP Shell Metasploit Payload

References