Versions (3)
Version DetailsCurrent
Rev: 3 • Jun 12, 2015, 12:00 PMET MALWARE Torrentlocker C2 SSL cert
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Torrentlocker C2 SSL cert"; flow:established,to_client; tls.cert_serial; content:"00:B3:B2:82:08:58:32:5E:8E"; fast_pattern; tls.cert_subject; content:"L=Default City"; content:"O=Default Company Ltd"; threshold:type limit, track by_src, count 1, seconds 60; reference:md5,77c99b6f06fe443b72a0efaf8f285e4d; classtype:command-and-control; sid:2021260; rev:3; metadata:attack_target Client_Endpoint, created_at 2015_06_12, deployment Perimeter, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_04_23;)
Jun 12, 2015, 12:00 PM
Apr 23, 2024, 12:00 PM
Jun 12, 2015, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-malware.rules