Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (TA505 C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (TA505 C&C)"; tls_cert_fingerprint; content:"15:ef:78:c6:16:02:7d:df:46:02:e0:39:a7:1f:50:5a:22:d6:75:65"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/15ef78c616027ddf4602e039a71f505a22d67565/; sid:903203337; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules