Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (DCRat C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (DCRat C&C)"; tls_cert_fingerprint; content:"12:87:c1:0b:c6:3d:f5:c8:d6:f6:41:34:65:2e:82:27:cc:3a:b0:07"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/1287c10bc63df5c8d6f64134652e8227cc3ab007/; sid:903204517; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules