# SID 2018789 rev 4: heuristic for a TLS server certificate whose issuer and subject are both
# bare, random-looking "www" names (msg labels it "possible TOR SSL traffic").
# Header: server-to-client traffic on established flows, from any source port EXCEPT the listed
# ones (443, 8443, 989:995 and the other listed ports, which look like common TLS/STARTTLS
# services). A server answering on an excluded port is never inspected by this rule.
# tls_cert_issuer buffer: must start with "CN=www" (depth:6) and end with ".com"
# (isdataat:!1,relative = no byte follows the match); the pcre pins the whole buffer to
# CN=www.<8-20 chars of [0-9a-z]>.com. tls_cert_subject is checked the same way with ".net".
# Both buffers are anchored at both ends, so a certificate with any extra DN field
# (O=, C=, ...) in the issuer or subject does not match.
# NOTE(review): this depends on the sensor seeing the certificate in clear text. TLS 1.3
# encrypts the Certificate message, so expect no coverage there; confirm against the deployed
# engine. An alert is a lead to triage, not proof: any host presenting names of this shape matches.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; tls_cert_issuer; content:"CN=www"; depth:6; content:".com"; isdataat:!1,relative; pcre:"/^CN=www\.[0-9a-z]{8,20}\.com$/"; tls_cert_subject; content:"CN=www"; depth:6; content:".net"; isdataat:!1,relative; pcre:"/^CN=www\.[0-9a-z]{8,20}\.net$/"; classtype:misc-activity; sid:2018789; rev:4; metadata:created_at 2014_07_28, former_category POLICY, updated_at 2021_07_23;)

Added 2021-07-23 17:51:34 UTC


# SID 2018789 rev 3 (all metadata in one keyword): raw-payload heuristic for two random-looking
# certificate common names in one server-to-client stream.
# |06 03 55 04 03| is the DER encoding of OID 2.5.4.3 (commonName). Each pcre is relative to the
# preceding content match (R) with dot matching any byte (s): skip two bytes (presumably the
# string tag and length), then require www.<8-20 chars of [0-9a-z]>.com followed by "0" or "1".
# NOTE(review): 0x30/0x31 are the DER SEQUENCE/SET tags, so [01] presumably anchors the end of
# the CN value. Confirm intent.
# distance:0 starts the second commonName search after the first; that one must be
# www.<8-20>.net. Issuer precedes subject in X.509, so these presumably map to issuer/subject.
# NOTE(review): the .net pattern has no trailing anchor, so a longer value that only begins
# this way (constructed example: "www.abcdefgh.network") would also satisfy it.
# The source-port exclusion list means servers on 443, 8443, etc. are never inspected.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; classtype:misc-activity; sid:2018789; rev:3; metadata:created_at 2014_07_28, former_category POLICY, updated_at 2017_03_21;)

Added 2020-08-05 19:10:00 UTC


# SID 2018789 rev 3, as published with two separate metadata keywords (former_category in one,
# created_at/updated_at in the other). The metadata is bookkeeping, not a match condition.
# Detection: find the DER commonName OID (|06 03 55 04 03| = 2.5.4.3), then, anchored right
# after it (pcre R, dotall s), two arbitrary bytes and www.<8-20 chars of [0-9a-z]>.com plus a
# literal "0" or "1" (0x30/0x31; presumably the DER tag that follows the CN value).
# A second commonName OID later in the stream (distance:0) must be followed by
# www.<8-20>.net. That pattern has no end anchor, so it also matches longer values that start
# the same way.
# Inspects only traffic from source ports outside the bracketed list, so TLS servers on 443,
# 8443 and the other listed ports are out of scope for this rule.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; metadata: former_category POLICY; classtype:misc-activity; sid:2018789; rev:3; metadata:created_at 2014_07_28, updated_at 2017_03_21;)

Added 2018-09-13 19:49:01 UTC


Added 2018-09-13 17:58:49 UTC


# SID 2018789 rev 3 with created_at/updated_at metadata added alongside former_category.
# Match logic, in order, on established server-to-client TCP payload:
#   1. content |06 03 55 04 03|: DER bytes of OID 2.5.4.3 (commonName).
#   2. pcre (R = relative to that match, s = dotall): 2 bytes, then
#      www.<8-20 chars of [0-9a-z]>.com, then "0" or "1" (0x30/0x31, presumably the next DER tag).
#   3. a second commonName OID after the first (distance:0).
#   4. pcre: 2 bytes, then www.<8-20>.net with no end anchor, so longer names with this prefix
#      match too.
# Scope: source port must NOT be one of the listed ports, which excludes servers on 443/8443 and
# the other listed TLS/STARTTLS-style ports. Treat alerts as "possible", per the msg text.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; metadata: former_category POLICY; classtype:misc-activity; sid:2018789; rev:3; metadata:created_at 2014_07_28, updated_at 2017_03_21;)

Added 2017-08-07 21:12:56 UTC


# SID 2018789 rev 3, published without any metadata keyword.
# Alerts on established server-to-client payload that contains two DER commonName attributes
# (OID 2.5.4.3 = |06 03 55 04 03|) in sequence: the first valued www.<8-20 chars of [0-9a-z]>.com
# and immediately followed by byte 0x30 or 0x31 ("0"/"1"), the second starting with
# www.<8-20>.net. The leading .{2} in each pcre skips two bytes after the OID (presumably the
# string type and length).
# NOTE(review): only the .com name is end-anchored; the .net name is prefix-matched.
# Traffic whose source port is in the bracketed list (443, 8443, ...) is not inspected.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; classtype:misc-activity; sid:2018789; rev:3;)

Added 2017-05-05 16:58:53 UTC


# SID 2018789 rev 3 carrying only "former_category POLICY" as metadata (no dates).
# Payload signature: commonName OID bytes (|06 03 55 04 03|, OID 2.5.4.3), then, anchored
# directly after them, two bytes and www.<8-20 chars of [0-9a-z]>.com followed by "0" or "1";
# then a later commonName OID (distance:0) followed by two bytes and www.<8-20>.net.
# pcre flags: R anchors each regex at the end of the preceding content match; s lets "." match
# any byte, which the two-byte skip needs because those bytes are binary.
# NOTE(review): no end anchor on the .net name; a sensor only evaluates this rule for source
# ports outside the exclusion list, so servers on 443/8443 etc. produce no alert.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; metadata: former_category POLICY; classtype:misc-activity; sid:2018789; rev:3;)

Added 2017-05-03 17:35:15 UTC


# SID 2018789 rev 3: classtype is misc-activity, in line with the "ET POLICY" label in msg.
# NOTE(review): classtype sets the alert priority via classification.config; check the local
# file for the priority this maps to.
# Condition: two DER commonName attributes (|06 03 55 04 03|) in the server's stream, the first
# www.<8-20 chars of [0-9a-z]>.com followed by "0" or "1" (0x30/0x31), the second beginning
# www.<8-20>.net (prefix match only). Each pcre is evaluated relative to its content match (R).
# Applies only when the server's source port is not in the bracketed exclusion list.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; classtype:misc-activity; sid:2018789; rev:3;)

Added 2017-03-22 18:05:24 UTC


# SID 2018789 rev 2: classtype is trojan-activity although msg labels the rule "ET POLICY".
# NOTE(review): classtype drives alert priority through classification.config, so this revision
# likely surfaces at a higher priority than a policy hit would; verify against the local file.
# Scope: any source port except the bracketed list (443, 8443, 989:995, ...), server-to-client.
# Condition: commonName OID (|06 03 55 04 03| = 2.5.4.3) followed, after two skipped bytes, by
# www.<8-20 chars of [0-9a-z]>.com and a "0"/"1" byte; then a later commonName OID
# (distance:0) followed by www.<8-20>.net. The .net name is not end-anchored.
alert tcp any ![21,25,110,143,443,465,587,636,989:995,5061,5222,8443] -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01]/Rs"; content:"|06 03 55 04 03|"; distance:0; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.net/Rs"; classtype:trojan-activity; sid:2018789; rev:2;)

Added 2014-09-24 18:17:05 UTC


# SID 2018789 rev 1: inspects only server-to-client traffic whose source port is 9001
# (conventionally the Tor ORPort); a server on any other port is invisible to this revision.
# One content match on the DER commonName OID (|06 03 55 04 03|) followed by a single relative
# pcre (R, dotall s) that covers both names: two bytes, www.<8-20 chars of [0-9a-z]>.com,
# a "0"/"1" byte, a lazy gap (.+?), a second commonName OID, two bytes, www.<8-20>.net.
# NOTE(review): with dotall the lazy gap has no length bound, so the regex may scan far into
# the payload before failing; the .net name is not end-anchored.
# classtype is trojan-activity while msg says "ET POLICY". Check how the local
# classification.config prioritises it.
alert tcp any 9001 -> any any (msg:"ET POLICY TLS possible TOR SSL traffic"; flow:established,from_server; content:"|06 03 55 04 03|"; pcre:"/^.{2}www\.[0-9a-z]{8,20}\.com[01].+?\x06\x03\x55\x04\x03.{2}www\.[0-9a-z]{8,20}\.net/Rs"; classtype:trojan-activity; sid:2018789; rev:1;)

Added 2014-07-28 18:08:35 UTC


Topic revision: r1 - 2021-07-23 - TWikiGuest
 