Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (ServHelper C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (ServHelper C&C)"; tls_cert_fingerprint; content:"af:6e:d0:4f:88:a7:d5:a3:0a:32:5a:6a:f5:b4:a1:6a:45:97:4b:b0"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/af6ed04f88a7d5a30a325a6af5b4a16a45974bb0/; sid:903204511; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules