Versions (2)
Version DetailsCurrent
Rev: 2 • Mar 20, 2025, 10:34 AM🐾 - 🚨 Powershell 🌐 (Windows 🪟) - TLSv1.0 connection to FQDN
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Powershell 🌐 (Windows 🪟) - TLSv1.0 connection to FQDN"; flow:to_server, stateless; ja3.hash; content:"54328bd36c14bd82ddaa0c04b25ed9ad"; fast_pattern; tls_sni; content:!"lenovo.com"; nocase; endswith; content:!"microsoft.com"; nocase; endswith; metadata:former_category JA3; reference:url,https://learn.microsoft.com/en-us/powershell/; metadata:created_at 2025_03_20, updated_at 2025_03_20; sid:3321427; rev:2; classtype:policy-violation;)
Mar 20, 2025, 10:34 AM
Mar 20, 2025, 12:00 PM
Mar 20, 2025, 10:34 AM
May 29, 2025, 11:12 PM
rules/PAW-PATRULES_VULN.rules