Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (LummaStealer malware distribution)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (LummaStealer malware distribution)"; tls_cert_fingerprint; content:"fe:65:63:1e:92:a3:c2:6f:ed:f9:11:5a:d7:f8:f7:b0:ee:a1:30:b5"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/fe65631e92a3c26fedf9115ad7f8f7b0eea130b5/; sid:903206767; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules