🐾 - 🚨 Suspicious NIP.IO Wildcard DNS TLS Connection (seen in FIN8 attacks)

SID: 3300177
Rev: 5
Source: pawpatrules
Created: January 20, 2022
Updated: June 15, 2022
Classification: policy-violation
alert tls any any -> any any (msg:"🐾 - 🚨 Suspicious NIP.IO Wildcard DNS TLS Connection (seen in FIN8 attacks)"; flow:to_server, stateless; tls_sni; content:".nip.io"; nocase; reference:url,https://nip.io/; reference:url,https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html; metadata:created_at 2022_01_20, updated_at 2022_06_15; sid:3300177; rev:5; classtype:policy-violation;)

Metadata

created at: 2022_01_20
updated at: 2022_06_15
