🐾 - 🚨 Possible Microsoft Teams - client for Linux 🐧 - P2P direct Calling via STUN connection

SID: 3300159Rev: 90 views
Sourcepawpatrules
CreatedApril 1, 2023
UpdatedFebruary 28, 2024
Classificationattempted-user
alert udp $HOME_NET any -> ![20.192.0.0/10,52.96.0.0/12,137.117.0.0/16,51.103.0.0/16,51.104.0.0/16,51.105.0.0/16,52.112.0.0/14,52.96.0.0/12,130.61.0.0/16,3.0.0.0/9,100.64.0.0/10,$HOME_NET] [1023:] (msg:"🐾 - 🚨 Possible Microsoft Teams - client for Linux 🐧 - P2P direct Calling via STUN connection"; flow:to_server, stateless; content:"|00 01|"; depth:2; content:"|21 12 a4 42|"; distance:2; within:4; content:"|00 06 00 09|"; pcre:"/....:..../"; content:"|c0 57 00 04|"; fast_pattern; content:"|80|"; distance:4; content:"|00 08|"; distance:1; reference:url,https://www.rfc-editor.org/rfc/rfc5389; reference:url,https://en.wikipedia.org/wiki/STUN; reference:url,https://www.microsoft.com/en-us/microsoft-teams/group-chat-software; metadata:created_at 2023_04_01, updated_at 2024_02_28; sid:3300159; rev:9; classtype:attempted-user;)

References

urlhttps://www.rfc-editor.org/rfc/rfc5389
urlhttps://en.wikipedia.org/wiki/STUN
urlhttps://www.microsoft.com/en-us/microsoft-teams/group-chat-software

Metadata

created at2023_04_01
updated at2024_02_28

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!