TLS connection to USDoD Threat Actor File Sharing portal based on lolisafe fast uploader - Possible encrypted exfiltration - T1048
Source: pawpatrules
Created: August 18, 2024
Updated: August 18, 2024
Classification: targeted-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"TLS connection to USDoD Threat Actor File Sharing portal based on lolisafe fast uploader - Possible encrypted exfiltration - T1048"; flow:to_server, stateless; tls_sni; content:"usdod.io"; reference:url,https://attack.mitre.org/techniques/T1048/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/usdod; reference:url,https://samples.vx-underground.org/Papers/Malware%20Defense/Malware%20Analysis/2023/2023-09-20%20-%20Unmasking%20USDoD-%20The%20Enigma%20of%20the%20Cyber%20Realm.pdf; reference:url,https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/; reference:url,https://github.com/BobbyWibowo/lolisafe; target:src_ip; metadata:attack_target Client_and_Server, signature_severity Major, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1048, mitre_technique_name Exfiltration_Over_Alternative_Protocol, created_at 2024_08_18, updated_at 2024_08_18; sid:3321348; rev:2; classtype:targeted-activity;)
References
- https://attack.mitre.org/techniques/T1048/ (MITRE ATT&CK T1048, Exfiltration Over Alternative Protocol)
- https://malpedia.caad.fkie.fraunhofer.de/actor/usdod (Malpedia actor profile for USDoD)
- https://samples.vx-underground.org/Papers/Malware%20Defense/Malware%20Analysis/2023/2023-09-20%20-%20Unmasking%20USDoD-%20The%20Enigma%20of%20the%20Cyber%20Realm.pdf (Unmasking USDoD: The Enigma of the Cyber Realm, 2023-09-20)
- https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/ (KrebsOnSecurity, September 2023)
- https://github.com/BobbyWibowo/lolisafe (lolisafe file uploader, the software the portal is based on)

Metadata
- attack_target: Client_and_Server
- signature_severity: Major
- mitre_tactic_id: TA0010 (Exfiltration)
- mitre_technique_id: T1048 (Exfiltration_Over_Alternative_Protocol)
- created_at: 2024-08-18, updated_at: 2024-08-18
- sid: 3321348, rev: 2, classtype: targeted-activity
- target: src_ip (the alert names the internal client as the affected host)