🐾 - Many TLS Client Hello - 🥷 Possible Active Scanning activity and / or random TLS impersonation - T1595
Source: pawpatrules
Created: October 15, 2024
Updated: October 15, 2024
Classification: network-scan
alert tls any any -> any any (msg:"🐾 - Many TLS Client Hello - 🥷 Possible Active Scanning activity and / or random TLS impersonation - T1595"; flow:to_server, stateless; threshold:type threshold, track by_both, count 50, seconds 10; flowbits:isset,pptrls.manytlsch; content:"|16 03 01|"; startswith; fast_pattern; content:"|01|"; distance:2; reference:url,https://attack.mitre.org/techniques/T1595/; metadata:attack_target Client_and_Server, signature_severity Information, mitre_tactic_id TA0043, mitre_tactic_name Reconnaissance, mitre_technique_id T1595, mitre_technique_name Active_Scanning, created_at 2024_10_15, updated_at 2024_10_15; sid:3321378; rev:1; classtype:network-scan; noalert;)