ET FILE_SHARING Abused File Sharing Site Domain Observed (qaz .su) in TLS SNI

7.0.35.0SID: 2038801Rev: 3Enabled0 views
Sourceet/open
Fileemerging-file_sharing.rules
CreatedSeptember 12, 2022
UpdatedJune 27, 2024
Classificationmisc-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET FILE_SHARING Abused File Sharing Site Domain Observed (qaz .su) in TLS SNI"; flow:established,to_server; tls.sni; bsize:6; content:"qaz.su"; fast_pattern; reference:url,isc.sans.edu/diary/rss/29034; classtype:misc-activity; sid:2038801; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2022_09_12, deployment Perimeter, former_category INFO, performance_impact Low, confidence High, signature_severity Informational, updated_at 2024_06_27, reviewed_at 2024_09_17;)

Metadata

affected productAny
attack targetClient_Endpoint
created at2022_09_12
deploymentPerimeter
former categoryINFO
performance impactLow
confidenceHigh
signature severityInformational
updated at2024_06_27
reviewed at2024_09_17

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!