Rule History

SID: 3300596 • Source: pawpatrules

Versions (3)

Version DetailsCurrent

Rev: 8 • Mar 4, 2022, 12:00 PM

Message:

🐾 - 🔒 TLS connection to (sni) - dropfiles.me - File Sharing solution 🗃 - Possible Leak 🚱 - seen in 🔒 Conti Ransomware Leak

Rule:

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🔒 TLS connection to (sni) - dropfiles.me - File Sharing solution 🗃 - Possible Leak 🚱 - seen in 🔒 Conti Ransomware Leak"; flow:to_server, stateless; tls_sni; content:"dropfiles.me"; nocase;pcre:"/(^|\.)dropfiles\.me$/"; metadata:created_at 2022_03_04, updated_at 2025_09_16; sid:3300596; rev:8; classtype:bad-unknown;)

Created:

Mar 4, 2022, 12:00 PM

Updated:

Sep 16, 2025, 12:00 PM

DB Created:

Feb 21, 2024, 4:00 PM

DB Updated:

Sep 16, 2025, 8:34 PM

Filename:

rules/PAW-PATRULES_LEAKS.rules