TGI HUNT VulnTesting Domain (ceye .io in TLS SNI)
Sourcetgreen/hunting
Filehunting.rules
CreatedMarch 19, 2025
UpdatedMarch 19, 2025
Classificationtrojan-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"TGI HUNT VulnTesting Domain (ceye .io in TLS SNI)"; flow:established,to_server ; tls_sni; content:"ceye.io"; isdataat:!1,relative ; nocase; reference:url,gist.github.com/travisbgreen/3f7ddcd5841d802e536d5854e2218e8c ; classtype:trojan-activity; sid:2610256; rev:1;)
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!