Rule History

SID: 3301091 • Source: pawpatrules

Versions (3)

Version Details (Current)

Rev: 3 • Nov 18, 2023, 12:00 PM

🐾 - 🚨 Suspicious SSLv3 connection from WinHttpOpen C++ fonction 🪟

alert tls $HOME_NET any -> ![135.224.0.0/13,135.232.0.0/14,135.236.0.0/15] any (msg:"🐾 - 🚨 Suspicious SSLv3 connection from WinHttpOpen C++ fonction 🪟"; flow:to_server, stateless; ssl_version:sslv3; ja3.hash; content:"79c9e26fe870347aca15a4b6b6aea6d0"; reference:url,https://learn.microsoft.com/en-us/windows/win32/api/winhttp/nf-winhttp-winhttpopen; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.revil; metadata:created_at 2023_11_18, updated_at 2025_03_17; sid:3301091; rev:3; classtype:trojan-activity;)

Nov 18, 2023, 12:00 PM

Mar 17, 2025, 12:00 PM

Feb 21, 2024, 4:00 PM

May 29, 2025, 11:12 PM

rules/PAW-PATRULES_MALWARES.rules