Versions (5)
Version DetailsCurrent
Rev: 1 • May 28, 2021, 12:00 PMET JA3 Hash - Possible Rclone Client Response (Mega Storage)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Possible Rclone Client Response (Mega Storage)"; flowbits:isset,ET.rclone; ja3s.hash; content:"b607b6456e5d8a98efa7eb7f15029431"; reference:url,twitter.com/NCCGroupInfosec/status/1398137873954652163; classtype:bad-unknown; sid:2033056; rev:1; metadata:created_at 2021_05_28, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_05_28;)
May 28, 2021, 12:00 PM
May 28, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 11, 2025, 9:34 PM
rules/emerging-ja3.rules