Versions (4)
ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed
Current version: Rev 3, Oct 24, 2018, 12:00 PM
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed"; flow:established,to_client; tls.cert_subject; content:"CN=mvtband.net"; tls.cert_issuer; content:"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"; tls.cert_serial; content:"03:04:FF:5D:C9:BB:AC:50:C1:7B:3E:4C:1C:68:26:15:F0:3E"; reference:md5,9b10685b774a783eabfecdb6119a8aa3; classtype:targeted-activity; sid:2026539; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_10_24, deployment Perimeter, confidence High, signature_severity Major, tag APT28, updated_at 2020_08_27;)
Oct 24, 2018, 12:00 PM
Aug 27, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
Rule file: rules/emerging-malware.rules