ET INFO Commonly Abused File Sharing Site Domain Observed (send .exploit .in in TLS SNI)

SID: 2035148Rev: 10 views
History
Sourceet/open
CreatedFebruary 8, 2022
UpdatedFebruary 8, 2022
Classificationmisc-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Commonly Abused File Sharing Site Domain Observed (send .exploit .in in TLS SNI)"; flow:established,to_server; tls.sni; content:"send.exploit.in"; bsize:15; fast_pattern; reference:url,www.ic3.gov/Media/News/2022/220204.pdf; classtype:misc-activity; sid:2035148; rev:1; metadata:created_at 2022_02_08, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_02_08;)

References

urlwww.ic3.gov/Media/News/2022/220204.pdf

Metadata

created at2022_02_08
confidenceHigh
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2022_02_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!