🐾 - 🚨 Suspicious TLS connection to possible backdoored machine by LocalTunnel service - Suricata Rule 3300296 (pawpatrules)

🐾 - 🚨 Suspicious TLS connection to possible backdoored machine by LocalTunnel service

SID: 3300296Rev: 10 views

Sourcepawpatrules

CreatedDecember 4, 2022

UpdatedDecember 4, 2022

Classificationpolicy-violation

alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Suspicious TLS connection to possible backdoored machine by LocalTunnel service"; flow:to_server, stateless; tls_sni; content:"loca.lt"; endswith; reference:url,https://theboroer.github.io/localtunnel-www/; metadata:created_at 2022_12_04, updated_at 2022_12_04; sid:3300296; rev:1; classtype:policy-violation;)

References

url	https://theboroer.github.io/localtunnel-www/

Metadata

created at2022_12_04

updated at2022_12_04

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!