Closed: dumprop closed 10 months ago
JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
More info: https://github.com/salesforce/ja3
Can it be helpful for Yeti?
Yes, definitely! It would be nice to add it as an observable type. Where would you say we would get the "source data" from?
Abuse have a JA3 feed: https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv
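Added example, not part of the thread and not Yeti's own code: how a JA3 hash is derived from ClientHello fields, and how an SSLBL-style CSV could be turned into observable records for matching. The CSV column order, the record dictionary shape and all sample values are assumptions made for this sketch.

```python
import csv
import hashlib
import re

# GREASE values (RFC 8701) are random placeholders and are left out of JA3.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}
JA3_RE = re.compile(r"^[0-9a-f]{32}$")


def ja3(version, ciphers, extensions, curves, point_formats):
    """Return (ja3_string, ja3_md5) for decimal ClientHello field values."""
    def join(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    s = ",".join([str(version), join(ciphers), join(extensions),
                  join(curves), join(point_formats)])
    return s, hashlib.md5(s.encode("ascii")).hexdigest()


def parse_feed(text):
    """Parse an SSLBL-style CSV into {md5: record}, skipping comments and bad rows.

    Assumed column order: ja3_md5, first seen, last seen, listing reason.
    """
    records = {}
    rows = csv.reader(l for l in text.splitlines() if l and not l.startswith("#"))
    for row in rows:
        md5 = row[0].strip().lower() if row else ""
        if len(row) < 4 or not JA3_RE.match(md5):
            continue  # never ingest a value that is not a well-formed MD5
        records[md5] = {"type": "ja3", "value": md5, "first_seen": row[1],
                        "last_seen": row[2], "context": row[3]}
    return records


# Constructed sample data (not taken from the real feed or real traffic).
SAMPLE_HELLO = (771, [0x1A1A, 4865, 4866, 49195], [0x2A2A, 0, 10, 11, 43],
                [0x3A3A, 29, 23], [0])
SAMPLE_STRING, SAMPLE_MD5 = ja3(*SAMPLE_HELLO)
SAMPLE_FEED = (
    "# ja3_md5,Firstseen,Lastseen,Listingreason\n"
    f"{SAMPLE_MD5},2020-01-01 00:00:00,2020-01-02 00:00:00,ExampleFamily\n"
    "not-a-hash,2020-01-01 00:00:00,2020-01-02 00:00:00,Broken\n"
)

if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    print(SAMPLE_STRING, SAMPLE_MD5, feed.get(SAMPLE_MD5))
```

A JA3 match identifies a client TLS stack rather than a specific tool, so unrelated software can share a hash; the listing reason is worth keeping as context on the observable for that reason.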