# sid 2016795 rev 5 (newest entry on this page): alerts on a server-sent TLS certificate
# whose name fields match the values tied to TROJ_NAIKON.A in the referenced Trend Micro post.
# |55 04 03| is the DER-encoded OID 2.5.4.3 (commonName). distance:1 skips the one-byte
# string-type tag, so |04|donc is the length byte (4) followed by the value "donc".
# |55 04 0b| is OID 2.5.4.11 (organizationalUnitName), followed the same way by length 3 + "abc".
# NOTE(review): the OU OID content carries no distance/within, so it is not positionally tied
# to the CN match, and nothing separates subject from issuer. Both values are short; confirm an
# alert against the full certificate (fingerprint, validity, peer IP) before escalating.
# NOTE(review): the rule needs the certificate bytes in cleartext. A TLS 1.3 handshake encrypts
# the Certificate message, so this signature gives no coverage for such sessions.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN TROJ_NAIKON.A SSL Cert"; flow:established,from_server; content:"|55 04 03|"; content:"|04|donc"; fast_pattern; distance:1; within:5; content:"|55 04 0b|"; content:"|03|abc"; distance:1; within:4; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:5; metadata:attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2013_04_26, updated_at 2016_07_01;)

Added 2020-01-14 12:51:24 UTC


# Historical snapshot of sid 2016795 rev 5. The detection options (CN "donc" after OID 2.5.4.3,
# OU "abc" after OID 2.5.4.11, server-to-client TLS) are the same as in the newest entry on this
# page; only the msg differs, carrying a duplicated "ET TROJAN" prefix.
# NOTE(review): several entries on this page share sid 2016795 and rev 5 with different text,
# so rev does not identify the variant. Load only one of them, and diff the rule text when
# checking which variant a sensor is running.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert"; flow:established,from_server; content:"|55 04 03|"; content:"|04|donc"; fast_pattern; distance:1; within:5; content:"|55 04 0b|"; content:"|03|abc"; distance:1; within:4; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:5; metadata:attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2013_04_26, updated_at 2016_07_01;)

Added 2019-09-26 19:57:22 UTC


# Historical snapshot of sid 2016795 rev 5: certificate match on CN "donc" (OID 2.5.4.3,
# |55 04 03|) and OU "abc" (OID 2.5.4.11, |55 04 0b|) in server-to-client TLS traffic.
# This variant has the attack_target/deployment/tag/severity metadata block but no
# former_category key, and its msg carries a duplicated "ET TROJAN" prefix.
# NOTE(review): rev and updated_at are identical across the rev 5 entries on this page even
# though their text differs; compare full rule text when auditing a deployed ruleset.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert"; flow:established,from_server; content:"|55 04 03|"; content:"|04|donc"; fast_pattern; distance:1; within:5; content:"|55 04 0b|"; content:"|03|abc"; distance:1; within:4; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:5; metadata:attack_target Client_Endpoint, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2013_04_26, updated_at 2016_07_01;)

Added 2017-08-07 21:10:36 UTC


# Historical snapshot of sid 2016795 rev 5: same certificate match (CN "donc", OU "abc") using
# the tls protocol keyword with any source port, so it does not depend on the server using 443.
# This variant has no metadata keyword at all, so tooling that filters on tag or
# signature_severity will not see it. Its msg carries a duplicated "ET TROJAN" prefix.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert"; flow:established,from_server; content:"|55 04 03|"; content:"|04|donc"; fast_pattern; distance:1; within:5; content:"|55 04 0b|"; content:"|03|abc"; distance:1; within:4; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:5;)

Added 2015-05-15 19:25:10 UTC


# First rev 5 entry for sid 2016795: the logic switches from the rev 4 User-Agent match to a
# certificate match (CN "donc" after |55 04 03|, OU "abc" after |55 04 0b|) on server responses.
# This variant is written as plain tcp with source port 443, so it only inspects servers on
# that port; the later rev 5 entries on this page use "alert tls ... any" instead.
# NOTE(review): the sid is reused with entirely different logic and direction than rev 4, so
# archived alerts for sid 2016795 must be read together with the rev recorded in the alert.
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert"; flow:established,from_server; content:"|55 04 03|"; content:"|04|donc"; fast_pattern; distance:1; within:5; content:"|55 04 0b|"; content:"|03|abc"; distance:1; within:4; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:5;)

Added 2013-04-29 13:26:51 UTC


# sid 2016795 rev 4: client-to-server match on the literal header "User-Agent: NOKIAN95/WEB"
# (|3A| is ':' and |2f| is '/') in established TCP sessions to destination port 443.
# NOTE(review): this is a raw payload match, so it can only fire when the request is visible
# in cleartext on port 443; if the session is encrypted the header is not observable. The
# rev 5 entries on this page replace this logic with a server-certificate match.
# NOTE(review): content is case-sensitive here (no nocase) and is not bound to an HTTP buffer.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN TROJ_NAIKON.A User-Agent (NOKIAN95)"; flow:to_server,established; content:"User-Agent|3A| NOKIAN95|2f|WEB"; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:4;)

Added 2013-04-27 00:46:56 UTC


# Oldest entry for sid 2016795 (rev 4), identical in text to the other rev 4 entry on this page:
# client-to-server match on the literal header "User-Agent: NOKIAN95/WEB" (|3A| is ':',
# |2f| is '/') in established TCP sessions to destination port 443.
# NOTE(review): a raw payload match like this needs the request in cleartext on port 443;
# it cannot see the header inside an encrypted session.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN TROJ_NAIKON.A User-Agent (NOKIAN95)"; flow:to_server,established; content:"User-Agent|3A| NOKIAN95|2f|WEB"; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/; classtype:trojan-activity; sid:2016795; rev:4;)

Added 2013-04-26 18:35:52 UTC


Topic revision: r1 - 2020-01-14 - TWikiGuest
 