This attack poses a minor threat. Corrective action may not be possible or is not required.
This signature detects a reserved, unimplemented Trans2 subcommand that may be used for DoublePulsar backdoor covert communication.
DoublePulsar uses SMB Trans2 Request/Response with the unimplemented subcommand 'Session Setup' for its covert communication. Microsoft documents this subcommand as reserved/unimplemented.
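The check described above can be sketched as follows. This is an added example, not the signature's own logic: it inspects SMB1 requests only and flags a Trans2 request whose first setup word is the Session Setup subcommand. The value 0x000E is taken from MS-CIFS rather than from this page, and the helper names and sample frames are constructed for illustration.

```python
import struct

SMB_COM_TRANSACTION2 = 0x32    # SMB1 command code for Trans2
TRANS2_SESSION_SETUP = 0x000E  # subcommand MS-CIFS lists as reserved/unimplemented
SMB_FLAGS_REPLY = 0x80         # set in Flags when the message is a response

def trans2_subcommand(frame: bytes):
    """Return Setup[0] of an SMB1 Trans2 request, or None if the frame is
    not a well-formed Trans2 request (4-byte session header + SMB1)."""
    if len(frame) < 4 + 32 + 1 or frame[0] != 0x00:
        return None
    smb = frame[4:]
    if smb[:4] != b"\xffSMB" or smb[4] != SMB_COM_TRANSACTION2:
        return None
    if smb[9] & SMB_FLAGS_REPLY:          # only requests are inspected here
        return None
    word_count = smb[32]
    words = smb[33:33 + 2 * word_count]
    if word_count < 15 or len(words) < 2 * word_count:
        return None                       # truncated or too few parameter words
    if words[26] < 1:                     # SetupCount must cover Setup[0]
        return None
    return struct.unpack_from("<H", words, 28)[0]

def is_reserved_session_setup(frame: bytes) -> bool:
    """True when the frame is a Trans2 request using the reserved subcommand."""
    return trans2_subcommand(frame) == TRANS2_SESSION_SETUP

def build_sample(subcommand: int, reply: bool = False) -> bytes:
    """Constructed test frame: empty Trans2 message with one setup word."""
    flags = SMB_FLAGS_REPLY if reply else 0
    header = (b"\xffSMB" + bytes([SMB_COM_TRANSACTION2]) + bytes(4)
              + bytes([flags]) + bytes(22))
    words = struct.pack("<4H2BHIH4H2BH",
                        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, subcommand)
    smb = header + bytes([15]) + words + struct.pack("<H", 0)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb

if __name__ == "__main__":
    for sub in (0x0005, TRANS2_SESSION_SETUP):
        print(hex(sub), is_reserved_session_setup(build_sample(sub)))
```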
- Various Windows Platforms.
Unless otherwise known, any unintended SMB Trans2 Request/Response in this network traffic should be treated as malicious. Actions should be taken to suspend and audit the communication and potentially block this network activity from further communication.
If you want to block this traffic, refer to the following link: