ET MALWARE [ANY.RUN] Stealc/Vidar Stealer TLS Certificate
Source: et/open
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE [ANY.RUN] Stealc/Vidar Stealer TLS Certificate"; flow:established,to_client; tls.cert_subject; content:"CN="; pcre:"/^(?:25[0-5]|2[0-4]\d|[0-1]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d{1,2})){3}$/R"; content:"OU=privateIP"; content:"O=StaticIP"; fast_pattern; content:"L=NY"; content:"ST=NY"; content:"C=XX"; reference:md5,8db522805e565ad411c8b713dd5558a1; reference:url,app.any.run/tasks/f1d0c5fd-5e4e-49cc-984e-751cf7ea56fc; classtype:trojan-activity; sid:2049253; rev:1; metadata:attack_target Client_Endpoint, created_at 2023_11_17, deployment Perimeter, former_category MALWARE, malware_family Stealc, malware_family VidarStealer, confidence High, signature_severity Major, updated_at 2023_11_17;)
Reference
md5: 8db522805e565ad411c8b713dd5558a1
url: http://app.any.run/tasks/f1d0c5fd-5e4e-49cc-984e-751cf7ea56fc
Metadata
attack_target: Client_Endpoint
created_at: 2023_11_17
deployment: Perimeter
former_category: MALWARE
malware_family: Stealc
malware_family: VidarStealer
confidence: High
signature_severity: Major
updated_at: 2023_11_17
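The rule above keys entirely on the subject of the server certificate: a self-signed certificate whose CN is a bare IPv4 address (the pcre is anchored with /R immediately after "CN=" and with $ at the end of the tls.cert_subject buffer, so CN must be the last rendered attribute) and whose remaining fields are the fixed values OU=privateIP, O=StaticIP, L=NY, ST=NY, C=XX. "O=StaticIP" carries fast_pattern and is therefore the pre-filter; the other content matches have no distance/within modifiers, so their order in the subject is irrelevant. Because the match is on the certificate sent to the client, the signature can only see handshakes up to TLS 1.2; in TLS 1.3 the Certificate message is encrypted and the rule will not fire. The following Python is an added example, not code from Emerging Threats, ANY.RUN or Suricata: it re-implements the rule's subject checks so the matching logic can be tested against subject strings offline. It assumes Suricata renders tls.cert_subject as comma-space separated "key=value" pairs (e.g. "C=XX, ST=NY, ..., CN=1.2.3.4"); the sample subjects are constructed for this example and are not from the referenced sandbox task.

```python
import re

# Fixed subject attributes the rule requires alongside the IPv4 CN.
# "O=StaticIP" is the rule's fast_pattern (pre-filter) content.
REQUIRED_SUBSTRINGS = ("OU=privateIP", "O=StaticIP", "L=NY", "ST=NY", "C=XX")

# Same dotted-quad regex as the rule's pcre. In the rule, /R anchors ^ right
# after the "CN=" content match and $ requires the address to end the buffer.
IPV4_CN = re.compile(
    r"^(?:25[0-5]|2[0-4]\d|[0-1]?\d{1,2})"
    r"(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d{1,2})){3}$"
)


def matches_sid_2049253(subject: str) -> bool:
    """Emulate the tls.cert_subject checks of ET sid 2049253 on one subject.

    `subject` is assumed to be the certificate subject as Suricata renders it
    in the tls.cert_subject buffer, e.g.
    "C=XX, ST=NY, L=NY, O=StaticIP, OU=privateIP, CN=203.0.113.10".
    The fixed attributes are unordered content matches, so only presence is
    checked. The CN check is retried for every "CN=" occurrence, which is a
    safe superset of what a relative pcre can match.
    """
    if not all(s in subject for s in REQUIRED_SUBSTRINGS):
        return False
    start = 0
    while True:
        idx = subject.find("CN=", start)
        if idx < 0:
            return False
        if IPV4_CN.match(subject[idx + 3:]):
            return True
        start = idx + 3


# Constructed sample subjects (not captured data) covering hit and miss cases.
SAMPLE_SUBJECTS = {
    # All fixed fields present and CN is an IPv4 address at the end: alert.
    "hit": "C=XX, ST=NY, L=NY, O=StaticIP, OU=privateIP, CN=203.0.113.10",
    # Hostname CN: the pcre does not match.
    "hostname_cn": "C=XX, ST=NY, L=NY, O=StaticIP, OU=privateIP, CN=update.example",
    # OU=privateIP missing: one of the content matches fails.
    "missing_ou": "C=XX, ST=NY, L=NY, O=StaticIP, CN=203.0.113.10",
    # CN is not the last attribute: the $ anchor in the pcre fails.
    "cn_not_last": "CN=203.0.113.10, OU=privateIP, O=StaticIP, L=NY, ST=NY, C=XX",
    # Octet out of range: 256 is rejected by the octet alternation.
    "bad_octet": "C=XX, ST=NY, L=NY, O=StaticIP, OU=privateIP, CN=256.1.1.1",
}


def scan_samples() -> dict:
    """Run the emulated rule over every sample subject; name -> would alert."""
    return {name: matches_sid_2049253(s) for name, s in SAMPLE_SUBJECTS.items()}


if __name__ == "__main__":
    for name, hit in scan_samples().items():
        print(f"{name:12s} {'ALERT' if hit else 'no match'}")
```

Only the first sample should alert; the "cn_not_last" case is the one worth remembering when tuning, since a certificate with the same values in a different RDN order would evade the $-anchored pcre while still matching every content keyword.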