TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint

SID: 10014550Rev: 11 views
History
Sourceptrules/open
CreatedNovember 11, 2025
UpdatedFebruary 10, 2026
Classificationattempted-admin
alert tls any any -> any 636 (msg:"TOOLS [PTsecurity] Possible AD Attacking Tool JA3 fingerprint"; flow:established, to_server; ja3.hash; content:"f72589e607f9b36992b6b437ce399f26"; threshold:type limit, track by_src, seconds 300, count 1; reference:url, github.com/Synzack/ldapper; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10014550; rev:1;)

References

urlgithub.com/Synzack/ldapper
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!