Back to Rule

Rule History

SID: 2025315 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 2Feb 6, 2018, 12:00 PM

ET POLICY Possible Windows Binary Observed in SSL/TLS Certificate

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Possible Windows Binary Observed in SSL/TLS Certificate"; flow:established,from_server; tls.certs; content:"This program cannot be run in DOS mode"; nocase; bsize:>768; reference:url,www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities; classtype:misc-attack; sid:2025315; rev:2; metadata:attack_target Client_Endpoint, created_at 2018_02_06, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_28;)

Feb 6, 2018, 12:00 PM

Mar 28, 2022, 12:00 PM

Sep 21, 2024, 3:00 AM

Sep 29, 2025, 9:34 PM

rules/emerging-policy.rules