Rule History

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET INFO Possible TURKTRUST Spoofed Google Cert"; flow:established,to_client; content:"|16 03|"; depth:2; content:"*.EGO.GOV.TR"; nocase; fast_pattern; content:"*.google.com"; reference:url,eb.archive.org/web/20230000000000*/https://security.googleblog.com/2013/01/enhancing-digital-certificate-security.html; reference:url,web.archive.org/web/20221012111218/https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2798897?redirectedfrom=MSDN; classtype:misc-attack; sid:2016154; rev:3; metadata:created_at 2013_01_04, deprecation_reason Age, confidence Medium, signature_severity Informational, updated_at 2023_05_01;)