🐾 - 🚨 Possible Rclone TLS connection 🌐 - Possible file exfiltration 🗃
Sourcepawpatrules
CreatedMarch 9, 2025
UpdatedMarch 9, 2025
Classificationpolicy-violation
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Possible Rclone TLS connection 🌐 - Possible file exfiltration 🗃"; flow:to_server, stateless; ja3.hash; content:"d1d19c71e48184c6bf6827a3fea5da87"; tls_sni; content:!"ipinfo.io"; metadata:former_category JA3; reference:url,https://rclone.org/; metadata:created_at 2025_03_09, updated_at 2025_03_09; sid:3321420; rev:1; classtype:policy-violation;)
References
Metadata
former categoryJA3
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!