🐾 - 🚨 Suspicious Windows 🪟 TLSv1.2 connection to githubusercontent.com - possible unwanted application

SID: 3301107Rev: 19 views
Sourcepawpatrules
CreatedDecember 31, 2023
UpdatedDecember 31, 2023
Classificationpolicy-violation
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious Windows 🪟 TLSv1.2 connection to githubusercontent.com - possible unwanted application"; flow:to_server, stateless; ja3.hash; content:"3b5074b1b5d032e5620f69f9f700ff0e"; fast_pattern; tls_sni; content:"githubusercontent.com"; endswith; nocase; metadata:created_at 2023_12_31, updated_at 2023_12_31; sid:3301107; rev:1; classtype:policy-violation;)

Metadata

created at2023_12_31
updated at2023_12_31

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!