Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (OrcusRAT C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (OrcusRAT C&C)"; tls_cert_fingerprint; content:"91:6b:a4:8c:05:fc:16:b7:39:d6:dc:cf:b5:1d:2f:0c:57:68:df:20"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/916ba48c05fc16b739d6dccfb51d2f0c5768df20/; sid:903202616; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules