Versions (3)
Version DetailsCurrent
Rev: 8 • Mar 10, 2022, 12:00 PM🐾 - 🔒 TLS connection to (sni) - www.handybackup.net - File Sharing solution 🗃 - Possible Leak 🚱 - seen in 🔒 RagnarLocker Attack
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🔒 TLS connection to (sni) - www.handybackup.net - File Sharing solution 🗃 - Possible Leak 🚱 - seen in 🔒 RagnarLocker Attack"; flow:to_server, stateless; tls_sni; content:"www.handybackup.net"; nocase;pcre:"/(^|\.)www\.handybackup\.net$/"; metadata:created_at 2022_03_10, updated_at 2025_09_16; sid:3300599; rev:8; classtype:bad-unknown;)
Mar 10, 2022, 12:00 PM
Sep 16, 2025, 12:00 PM
Feb 21, 2024, 4:00 PM
Sep 16, 2025, 8:34 PM
rules/PAW-PATRULES_LEAKS.rules