🐾 - 🚨 Ngrok SSL Tunnel opened - Local network Windows 🪟 machine exposed on internet 🌐 - Possible file exfiltration 🗃 - Tool liked by Daixin Team 👿

SID: 3300217
Rev: 1
Source: pawpatrules
Created: August 24, 2023
Updated: August 24, 2023
Classification: policy-violation
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Ngrok SSL Tunnel opened - Local network Windows 🪟 machine exposed on internet 🌐 - Possible file exfiltration 🗃 - Tool liked by Daixin Team 👿"; flow:to_server, stateless; ja3.hash; content:"473cd7cb9faa642487833865d516e578"; fast_pattern; tls_sni; content:"connect.ngrok-agent.com"; metadata:former_category JA3; reference:url,https://ngrok.com/download; reference:url,https://www.cisa.gov/uscert/ncas/alerts/aa22-294a; metadata:created_at 2023_08_24, updated_at 2023_08_24; sid:3300217; rev:1; classtype:policy-violation;)

Metadata

former category: JA3
