🐾 - 🚨 Suspicious TLSv1.2 JA3 connection from 🪟 Windows - Possible 👿 Rhadamanthys InfoStealer

SID: 3300723
Rev: 1
Source: pawpatrules
Created: September 23, 2023
Updated: September 23, 2023
Classification: trojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious TLSv1.2 JA3 connection from 🪟 Windows - Possible 👿 Rhadamanthys InfoStealer"; flow:to_server, stateless; ja3.hash; content:"caec7ddf6889590d999d7ca1b76373b6"; metadata:former_category JA3; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys; reference:url,https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/; metadata:created_at 2023_09_23, updated_at 2023_09_23; sid:3300723; rev:1; classtype:trojan-activity;)

Metadata

former category: JA3
