ET POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC

SID: 2019387Rev: 41 views
History
Sourceet/open
CreatedOctober 10, 2014
UpdatedMarch 21, 2024
Classificationcommand-and-control
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY SSL Certificate IRC GEEKS Likely Encrypted IRC or CnC"; flow:established,to_client; tls.cert_subject; content:"O=IRC geeks"; fast_pattern; classtype:command-and-control; sid:2019387; rev:4; metadata:attack_target Client_Endpoint, created_at 2014_10_10, deployment Perimeter, deprecation_reason Relevance, confidence High, signature_severity Informational, tag SSL_Malicious_Cert, updated_at 2024_03_21, reviewed_at 2024_03_21;)

Metadata

attack targetClient_Endpoint
created at2014_10_10
deploymentPerimeter
deprecation reasonRelevance
confidenceHigh
signature severityInformational
tagSSL_Malicious_Cert
updated at2024_03_21
reviewed at2024_03_21

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!