Rule History

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET HUNTING Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC"; flow:established,from_server; content:"|16 03|"; content:"|0b|"; within:7; content:"admin@common"; classtype:command-and-control; sid:2013806; rev:4; metadata:attack_target Client_Endpoint, created_at 2011_10_26, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_07_26;)