🐾 - 🚨 Suspicious Rclone TLS connection to Uptobox 🌐 - Possible file exfiltration 🗃

SID: 3300215Rev: 20 views
Sourcepawpatrules
CreatedOctober 15, 2022
UpdatedJanuary 14, 2024
Classificationpolicy-violation
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Suspicious Rclone TLS connection to Uptobox 🌐 - Possible file exfiltration 🗃"; flow:to_server, stateless; ja3.hash; content:"049f44ae40ab2cab555bdfee22e7d7cb"; fast_pattern; tls_sni; content:"uptobox.com"; metadata:former_category JA3; reference:url,https://rclone.org/; metadata:created_at 2022_10_15, updated_at 2024_01_14; sid:3300215; rev:2; classtype:policy-violation;)

References

urlhttps://rclone.org/

Metadata

former categoryJA3

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!