Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (Vawtrak MITM)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Vawtrak MITM)"; tls_cert_fingerprint; content:"bc:c8:b2:e2:01:8c:e5:13:88:79:75:1b:d0:06:53:a8:c2:7f:1c:48"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/bcc8b2e2018ce5138879751bd00653a8c27f1c48/; sid:903200174; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules