Versions (3)
Version DetailsCurrent
Rev: 4 • Mar 23, 2015, 12:00 PMET MALWARE Possible Adwind/jSocket SSL Cert (assylias.Inc)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Adwind/jSocket SSL Cert (assylias.Inc)"; flow:established,to_client; tls.cert_serial; content:"1F:23:9D:BD"; tls.cert_subject; content:"O=assylias.Inc"; fast_pattern; reference:md5,4e5c28fab23b35dea2d48a1c2db32b56; reference:md5,b102c26e04e97bda97b11bfe7366e61e; classtype:trojan-activity; sid:2020728; rev:4; metadata:attack_target Client_Endpoint, created_at 2015_03_23, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2022_04_18, reviewed_at 2024_03_27;)
Mar 23, 2015, 12:00 PM
Apr 18, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules