🐾 - 🚨 Suspicious SSLIP.IO Wildcard DNS TLS Connection (seen in FIN8 attacks)

SID: 3300178
Rev: 5
Source: pawpatrules
Created: January 20, 2022
Updated: June 15, 2022
Classification: policy-violation
alert tls any any -> any any (msg:"🐾 - 🚨 Suspicious SSLIP.IO Wildcard DNS TLS Connection (seen in FIN8 attacks)"; flow:to_server, stateless; tls_sni; content:".sslip.io"; nocase; reference:url,https://sslip.io/; reference:url,https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation; metadata:created_at 2022_01_20, updated_at 2022_06_15; sid:3300178; rev:5; classtype:policy-violation;)

Metadata

created at: 2022_01_20
updated at: 2022_06_15
