Versions (4)
Version DetailsCurrent
Rev: 3 • May 14, 2015, 12:00 PMET MALWARE Win32/Ruckguv.A SSL Cert
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Win32/Ruckguv.A SSL Cert"; flow:established,to_client; tls.certs; content:"|11 21 e9 a1 69 3a 6e e9 a8 fb a3 ba 5b ee 9d 6e 60 02|"; tls.cert_subject; content:"CN=elyseeinvestments.com"; fast_pattern; reference:md5,1225b8c9b52d4828b9031267939e8260; classtype:trojan-activity; sid:2021097; rev:3; metadata:attack_target Client_Endpoint, created_at 2015_05_14, deployment Perimeter, malware_family Win32_Ruckguv_A, confidence High, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_04_23;)
May 14, 2015, 12:00 PM
Apr 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules