Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (Vawtrak MITM)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Vawtrak MITM)"; tls_cert_fingerprint; content:"b6:02:85:17:c1:0f:e9:e3:10:48:f0:2e:58:53:e5:c1:74:1f:ef:b8"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/b6028517c10fe9e31048f02e5853e5c1741fefb8/; sid:903200122; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules