ET EXPLOIT_KIT Self-Signed SSL Cert Used in Conjunction with Neosploit

SID: 2015865Rev: 20 views
History
Sourceet/open
CreatedNovember 6, 2012
UpdatedJuly 26, 2019
Classificationexploit-kit
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET EXPLOIT_KIT Self-Signed SSL Cert Used in Conjunction with Neosploit"; flow:from_server,established; content:"|16 03 01|"; content:"|00 be d3 cf b1 fe a1 55 bf|"; distance:0; content:"webmaster@localhost"; distance:0; content:"|30 81 89 02 81 81 00 ac 12 38 fc 5c bf 7c 8c 18 e7 db 09 dc|"; distance:0; classtype:exploit-kit; sid:2015865; rev:2; metadata:attack_target Client_Endpoint, created_at 2012_11_06, deployment Perimeter, confidence High, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_07_26;)

Metadata

attack targetClient_Endpoint
created at2012_11_06
deploymentPerimeter
confidenceHigh
signature severityMajor
tagSSL_Malicious_Cert
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!