🐾 - 🚨 Ngrok SSL Tunnel tool 🌐 - Possible file exfiltration 🗃 - Tool liked by Daixin Team / Conti Group 👿

SID: 3300084
Rev: 2
Source: pawpatrules
Created: October 21, 2022
Updated: October 31, 2022
Classification: policy-violation
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Ngrok SSL Tunnel tool 🌐 - Possible file exfiltration 🗃 - Tool liked by Daixin Team / Conti Group 👿"; flow:to_server, stateless; http.host.raw; content:"crl.ngrok.com"; http.user_agent; content:"Go-http-client/"; fast_pattern; nocase; reference:url,https://ngrok.com/download; reference:url,https://www.cisa.gov/uscert/ncas/alerts/aa22-294a; metadata:created_at 2022_10_21, updated_at 2022_10_31; sid:3300084; rev:2; classtype:policy-violation;)

Metadata

created at: 2022_10_21
updated at: 2022_10_31
