🐾 - 🚨 Suspicious Rclone TLS connection to Uptobox 🌐 - Possible file exfiltration 🗃
Source: pawpatrules
Created: March 9, 2025
Updated: March 9, 2025
Classification: policy-violation
alert tls $HOME_NET any -> any any (msg:"🐾 - 🚨 Suspicious Rclone TLS connection to Uptobox 🌐 - Possible file exfiltration 🗃"; flow:to_server, stateless; ja3.hash; content:"d1d19c71e48184c6bf6827a3fea5da87"; fast_pattern; tls_sni; content:"uptobox.com"; metadata:former_category JA3; reference:url,https://rclone.org/; metadata:created_at 2025_03_09, updated_at 2025_03_09; sid:3321422; rev:1; classtype:policy-violation;)
References
Metadata
former category: JA3