alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC?)"; flow:established,from_server; tls_cert_serial; content:"76:DC:D7:09:68:53:16:74:BB:A8:7B:CC:DE:C4:9D:66:77:43:34:DC"; metadata: former_category MALWARE; reference:url,www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/; classtype:trojan-activity; sid:2029048; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Linux, deployment Perimeter, tag SSL_Malicious_Cert, signature_severity Major, created_at 2019_11_21, malware_family ACBackdoor, performance_impact Low, updated_at 2019_11_21;)

Added 2019-11-21 20:14:22 UTC


Topic revision: r1 - 2019-11-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats