Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (DCRat C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (DCRat C&C)"; tls_cert_fingerprint; content:"c0:4b:a0:ac:48:76:d5:54:8b:aa:4b:cb:c2:7e:c3:d8:99:8a:f0:48"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/c04ba0ac4876d5548baa4bcbc27ec3d8998af048/; sid:903204398; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules