ET INFO Observed Commonly Abused Service Domain (tempfiles .ninja) in TLS SNI

SID: 2055355Rev: 134 views
History
Sourceet/open
CreatedAugust 20, 2024
UpdatedAugust 20, 2024
Classificationmisc-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Observed Commonly Abused Service Domain (tempfiles .ninja) in TLS SNI"; flow:established,to_server; tls.sni; bsize:15; content:"tempfiles.ninja"; fast_pattern; classtype:misc-activity; sid:2055355; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2024_08_20, deployment Perimeter, performance_impact Low, confidence High, signature_severity Informational, updated_at 2024_08_20, reviewed_at 2024_10_04;)

Metadata

affected productAny
attack targetClient_Endpoint
created at2024_08_20
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityInformational
updated at2024_08_20
reviewed at2024_10_04

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!