Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (Vawtrak C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (Vawtrak C&C)"; tls_cert_fingerprint; content:"7f:9b:36:d5:67:8b:a5:c7:eb:1a:1a:c4:f1:ff:59:e1:00:46:a6:74"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/7f9b36d5678ba5c7eb1a1ac4f1ff59e10046a674/; sid:903201698; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules