Versions (3)
Version DetailsCurrent
Rev: 6 • Nov 3, 2014, 12:00 PMET MALWARE AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET MALWARE AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client; tls.cert_subject; content:"CN=lolcat"; fast_pattern; flowbits:isnotset,ET.invalid.cab; classtype:trojan-activity; sid:2019628; rev:6; metadata:attack_target Client_Endpoint, created_at 2014_11_03, deployment Perimeter, confidence High, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2022_03_16;)
Nov 3, 2014, 12:00 PM
Mar 16, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules