THL BellaMain C2 Infrastructure TLS Connection to 79.137.192.3 evotoptan SNI

SID: 3500008 | Rev: 1 | Enabled
File: hunters-ledger.rules
Created: July 5, 2026
Updated: July 5, 2026
Classification: trojan-activity

alert tls $HOME_NET any -> 79.137.192.3 any (msg:"THL BellaMain C2 Infrastructure TLS Connection to 79.137.192.3 evotoptan SNI"; flow:established,to_server; tls.sni; content:"evotoptan"; nocase; classtype:trojan-activity; sid:3500008; rev:1; metadata:author "The Hunters Ledger", date "2026-05-16", mitre_technique "T1071.001", reference "https://the-hunters-ledger.com/hunting-detections/bellamain-turkish-phaas-79-137-192-3-20260516-detections/";)

Metadata

author: "The Hunters Ledger"
date: "2026-05-16"
mitre technique: "T1071.001"
reference: "https://the-hunters-ledger.com/hunting-detections/bellamain-turkish-phaas-79-137-192-3-20260516-detections/"
