Versions (3)
Version DetailsCurrent
Rev: 7 • Aug 13, 2015, 12:00 PMET MALWARE Possible Dridex SSL Cert Aug 12 2015
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible Dridex SSL Cert Aug 12 2015"; flow:established,to_client; tls.cert_subject; content:"C|3d|US|2c 20|ST|3d|Arizona|2c 20|L|3d|Scottsdale|2c 20|O|3d|"; fast_pattern; pcre:"/^(?!GoDaddy)[A-Z][a-z]+\s[A-Z][a-z]+\s(?:NL|Pty|Inc|Corp|Ltd)/Rs"; content:"CN="; distance:0; pcre:"/^[a-z]{5,}\.[a-z]{2}$/Rs"; classtype:trojan-activity; sid:2021621; rev:7; metadata:attack_target Client_Endpoint, created_at 2015_08_13, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_04_05;)
Aug 13, 2015, 12:00 PM
Apr 5, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-malware.rules