alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (CoreBot? C2)"; flow:established,from_server; tls_cert_subject; content:"CN=ok.investments"; fast_pattern; nocase; reference:md5,75368c9240a3c238aa3b5518906a3cdb; classtype:trojan-activity; sid:2025485; rev:3; metadata:created_at 2018_04_11, updated_at 2018_04_11;)

Added 2018-09-13 19:54:38 UTC


Added 2018-09-13 18:02:07 UTC


alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (CoreBot? C2)"; flow:established,from_server; tls_cert_subject; content:"CN=ok.investments"; fast_pattern; nocase; reference:md5,75368c9240a3c238aa3b5518906a3cdb; classtype:trojan-activity; sid:2025485; rev:3; metadata:created_at 2018_04_11, updated_at 2018_04_11;)

Added 2018-04-12 16:49:16 UTC


alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (CoreBot? C2)"; flow:established,from_server; tls_cert_subject; content:"CN=something.bad.com"; fast_pattern; nocase; reference:md5,75368c9240a3c238aa3b5518906a3cdb; classtype:trojan-activity; sid:2025485; rev:2; metadata:created_at 2018_04_11, updated_at 2018_04_11;)

Added 2018-04-11 17:28:04 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats