alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Win32/Gadwats Banker CnC? Domain)"; flow:from_server,established; tls_cert_subject; content:"CN=www.windowsdriversupd.com"; nocase; isdataat:!1,relative; metadata: former_category TROJAN; reference:md5,07b78bcfb2a6540f060385c9bf00c155; reference:url,www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Gadwats.A; classtype:trojan-activity; sid:2026467; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, tag Banker, signature_severity Major, created_at 2018_10_10, malware_family Gadwats, performance_impact Low, updated_at 2018_10_10;)

Added 2018-10-10 18:38:08 UTC


Topic revision: r1 - 2018-10-10 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats