ET DELETED Possible Updatre Compromised SSL Certificate marchsf

SID: 2017978Rev: 30 viewsHistory

Sourceet/open

CreatedJanuary 17, 2014

UpdatedSeptember 10, 2019

Classificationtrojan-activity

alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET DELETED Possible Updatre Compromised SSL Certificate marchsf"; flow:established,from_server; content:"|02 07 04 81 e4 de 05 6a 5a|"; content:"|0b|marchsf.com"; distance:0; fast_pattern; classtype:trojan-activity; sid:2017978; rev:3; metadata:attack_target Client_Endpoint, created_at 2014_01_17, deployment Perimeter, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_09_10;)

Metadata

attack targetClient_Endpoint

created at2014_01_17

deploymentPerimeter

signature severityMajor

tagSSL_Malicious_Cert

updated at2019_09_10

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!