ET HUNTING Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC

SID: 2013806Rev: 40 viewsHistory

Sourceet/open

CreatedOctober 26, 2011

UpdatedJuly 26, 2019

Classificationcommand-and-control

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET HUNTING Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC"; flow:established,from_server; content:"|16 03|"; content:"|0b|"; within:7; content:"admin@common"; classtype:command-and-control; sid:2013806; rev:4; metadata:attack_target Client_Endpoint, created_at 2011_10_26, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_07_26;)

Metadata

attack targetClient_Endpoint

created at2011_10_26

deploymentPerimeter

confidenceMedium

signature severityMajor

tagSSL_Malicious_Cert

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!