Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (Vawtrak MITM)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Vawtrak MITM)"; tls_cert_fingerprint; content:"e8:52:a3:e8:cd:0b:eb:2d:28:df:62:2e:2c:a4:d5:4d:f4:3c:cc:9f"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/e852a3e8cd0beb2d28df622e2ca4d54df43ccc9f/; sid:903200123; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules