🐾 - ⚠ Suspicious TLSv1 connection from 🪟 Windows Powershell to public IP address - Suricata Rule 3300717 (pawpatrules)

🐾 - ⚠ Suspicious TLSv1 connection from 🪟 Windows Powershell to public IP address

SID: 3300717Rev: 10 views

Sourcepawpatrules

CreatedMarch 17, 2023

UpdatedMarch 17, 2023

Classificationtrojan-activity

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - ⚠ Suspicious TLSv1 connection from 🪟 Windows Powershell to public IP address"; flow:to_server, stateless; ja3.hash; content:"fc54e0d16d9764783542f0146a98b300"; metadata:former_category JA3; reference:url,https://learn.microsoft.com/en-us/powershell/; metadata:created_at 2023_03_17, updated_at 2023_03_17; sid:3300717; rev:1; classtype:trojan-activity;)

References

url	https://learn.microsoft.com/en-us/powershell/

🐾 - ⚠ Suspicious TLSv1 connection from 🪟 Windows Powershell to public IP address

References

Metadata

Comments (0)