🐾 - 🚨 TLS connection to possible 😾 USDoD Threat Actor 👿 File Sharing portal based on lolisafe fast uploader 🗃 - Possible encrypted exfiltration - T1048 🚱
Source: pawpatrules
Created: August 18, 2024
Updated: August 18, 2024
Classification: targeted-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 TLS connection to possible 😾 USDoD Threat Actor 👿 File Sharing portal based on lolisafe fast uploader 🗃 - Possible encrypted exfiltration - T1048 🚱"; flow:to_server, stateless; tls_sni; content:"suffer.rip"; reference:url,https://attack.mitre.org/techniques/T1048/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/usdod; reference:url,https://samples.vx-underground.org/Papers/Malware%20Defense/Malware%20Analysis/2023/2023-09-20%20-%20Unmasking%20USDoD-%20The%20Enigma%20of%20the%20Cyber%20Realm.pdf; reference:url,https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/; reference:url,https://github.com/BobbyWibowo/lolisafe; target:src_ip; metadata:attack_target Client_and_Server, signature_severity Major, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1048, mitre_technique_name Exfiltration_Over_Alternative_Protocol, created_at 2024_08_18, updated_at 2024_08_18; sid:3321349; rev:1; classtype:targeted-activity;)