""ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)""
SID: 2036377
Revision: 2
Class Type: trojan-activity
Metadata: created_at 2022_04_26, cve CVE_2022_21449, updated_at 2022_04_26
Reference:
-
cve
-
2022-21449
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: $HTTP_PORTS
Destination Network: $HOME_NET
Destination Port: any
Flow: established, to_client
Contents:
-
Value: "|16 03 03|"
-
Value: "|0c|"
-
Value: "|04 03 00 08 30 06 02 01 00 02 01 00|"
Within: 1
PCRE:
Special Options: