Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 25, 2025, 11:40 AMSSLBL: Malicious SSL certificate detected (QuasarRAT C&C)
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSLBL: Malicious SSL certificate detected (QuasarRAT C&C)"; tls_cert_fingerprint; content:"06:d2:6b:cf:3e:82:01:5c:2b:11:e1:d8:9a:21:61:22:99:a5:93:1b"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/06d26bcf3e82015c2b11e1d89a21612299a5931b/; sid:903205956; rev:1;)
Jun 25, 2025, 11:40 AM
Jun 25, 2025, 11:40 AM
Jul 17, 2025, 2:34 PM
Jul 17, 2025, 2:34 PM
sslblacklist_tls_cert.rules