Rule History

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Winlock/Torrentlocker SSL Cert"; flow:established,to_client; tls.cert_serial; content:"00:D5:F9:A6:1A:FA:1E:76:C6"; fast_pattern; tls.cert_subject; content:"C=XX"; content:"L=Default City"; reference:md5,0453512c8c3bb940e8c40833d1076353; reference:url,www.csis.dk/da/csis/news/4726/; classtype:trojan-activity; sid:2021867; rev:3; metadata:attack_target Client_Endpoint, created_at 2015_09_30, deployment Perimeter, confidence High, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_04_23;)