ET MALWARE Python Typosquatting Domain (files .pypihosted .org) in TLS SNI

SID: 2051784Rev: 29 views
History
Sourceet/open
CreatedMarch 25, 2024
UpdatedOctober 3, 2024
Classificationtrojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Python Typosquatting Domain (files .pypihosted .org) in TLS SNI"; flow:established,to_server; tls.sni; bsize:20; content:"files.pypihosted.org"; fast_pattern; reference:url,checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/; reference:md5,fdb9474dbfcfc86b7f8145ef79a226b6; classtype:trojan-activity; sid:2051784; rev:2; metadata:affected_product Any, attack_target Client_and_Server, created_at 2024_03_25, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_10_03, reviewed_at 2024_10_03;)

References

urlcheckmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
md5
fdb9474dbfcfc86b7f8145ef79a226b6
Google SearchBrave Search

Metadata

affected productAny
attack targetClient_and_Server
created at2024_03_25
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_10_03
reviewed at2024_10_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!