Versions (2)
Version DetailsCurrent
Rev: 3 • Apr 18, 2023, 12:00 PM🐾 - 🚨 Curl User Agent 🌐 (Windows 🪟 TLS1.2)
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Curl User Agent 🌐 (Windows 🪟 TLS1.2)"; flow:to_server, stateless; ja3.hash; content:"74954a0c86284d0d6e1c4efefe92b521"; fast_pattern; tls_sni; content:!"cdn.bitdefender.net"; endswith; nocase; content:!"avast.com"; endswith; nocase; content:!"onestart.ai"; endswith; nocase; metadata: former_category JA3; reference:url,https://curl.se/; metadata:created_at 2023_04_18, updated_at 2025_03_14; sid:3300199; rev:3; classtype:policy-violation;)
Apr 18, 2023, 12:00 PM
Mar 14, 2025, 12:00 PM
Feb 21, 2024, 4:00 PM
May 29, 2025, 11:12 PM
rules/PAW-PATRULES_VULN.rules