🐾 - 🚨 Suspicious flow to api.gofile.io - Possible Python Disin Trojan 🐴 file exfiltration 🚱

SID: 3300722Rev: 10 views
Sourcepawpatrules
CreatedJune 21, 2023
UpdatedJune 21, 2023
Classificationtrojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious flow to api.gofile.io - Possible Python Disin Trojan 🐴 file exfiltration 🚱"; flow:to_server, stateless; ja3.hash; content:"47f56493e551459ad91fdee8f61435f3"; tls_sni; content:"api.gofile.io"; metadata:former_category JA3; reference:url,https://www.virustotal.com/gui/file/d8fa3fe4104b545e8bbc5816e1efafe541d146c451d8ce085bab537f40e36c0f/detection; metadata:created_at 2023_06_21, updated_at 2023_06_21; sid:3300722; rev:1; classtype:trojan-activity;)

References

urlhttps://www.virustotal.com/gui/file/d8fa3fe4104b545e8bbc5816e1efafe541d146c451d8ce085bab537f40e36c0f/detection

Metadata

former categoryJA3

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!