Rule History

SID: 3300213 • Source: pawpatrules

Versions (2)

Version DetailsCurrent

Rev: 2 • Oct 10, 2022, 12:00 PM

Message:

🐾 - 🚨 Possible Rclone TLS connection 🌐 - Possible file exfiltration 🗃

Rule:

alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Possible Rclone TLS connection 🌐 - Possible file exfiltration 🗃"; flow:to_server, stateless; ja3.hash; content:"049f44ae40ab2cab555bdfee22e7d7cb"; tls_sni; content:!"ipinfo.io"; metadata: former_category JA3; reference:url,https://rclone.org/; metadata:created_at 2022_10_10, updated_at 2024_10_17; sid:3300213; rev:2; classtype:policy-violation;)

Created:

Oct 10, 2022, 12:00 PM

Updated:

Oct 17, 2024, 12:00 PM

DB Created:

Feb 21, 2024, 4:00 PM

DB Updated:

May 29, 2025, 11:12 PM

Filename:

rules/PAW-PATRULES_VULN.rules