🐾 - 🚨 Possible DeltaStealer flow

SID: 3300709Rev: 20 views
Sourcepawpatrules
CreatedMay 30, 2023
UpdatedFebruary 18, 2024
Classificationcredential-theft
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Possible DeltaStealer flow"; flow:to_server, stateless; tls_sni; content:"deltastealer."; nocase; reference:url,https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/rust-based-info-stealers-abuse-github-codespaces/IOC-list-rust-based-info-stealers-abuse-github-codespaces.txt; metadata:created_at 2023_05_30, updated_at 2024_02_18; sid:3300709; rev:2; classtype:credential-theft;)

References

urlhttps://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/e/rust-based-info-stealers-abuse-github-codespaces/IOC-list-rust-based-info-stealers-abuse-github-codespaces.txt

Metadata

created at2023_05_30
updated at2024_02_18

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!