🐾 - 🚨 Curl (Windows) connection to temp.sh - possible upload - Leak 🚱 - Suricata Rule 3300398 (pawpatrules)

🐾 - 🚨 Curl (Windows) connection to temp.sh - possible upload - Leak 🚱

SID: 3300398Rev: 30 views

Sourcepawpatrules

CreatedMarch 4, 2022

UpdatedJune 21, 2023

Classificationbad-unknown

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Curl (Windows) connection to temp.sh - possible upload - Leak 🚱"; flow:to_server, stateless; tls_sni; content:"temp.sh"; nocase; ja3.hash; content:"4ea056e63b7910cbf543f0c095064dfe"; metadata:created_at 2022_03_04, updated_at 2023_06_21; sid:3300398; rev:3; classtype:bad-unknown;)

Metadata

created at2022_03_04

updated at2023_06_21

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!