ET DELETED Cryptolocker C2 SSL cert serial
Source: et/open
Created: June 11, 2015
Updated: July 26, 2019
Classification: command-and-control
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET DELETED Cryptolocker C2 SSL cert serial"; flow:established,to_client; content:"|b3 b2 82 08 58 32 5e 8e|"; fast_pattern:only; reference:url,www.hybrid-analysis.com/sample/3ebc6999da89eaf44d94195b588cb869d894ca754a248b074893d11f6dd19188?environmentId=4; reference:md5,2c339dbb40b3b19ee275e4c7c1c17a18; classtype:command-and-control; sid:2021253; rev:2; metadata:attack_target Client_Endpoint, created_at 2015_06_11, deployment Perimeter, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2019_07_26;)
References
| url | www.hybrid-analysis.com/sample/3ebc6999da89eaf44d94195b588cb869d894ca754a248b074893d11f6dd19188?environmentId=4 |
| md5 | 2c339dbb40b3b19ee275e4c7c1c17a18 |
Metadata
attack target: Client_Endpoint
created at: 2015_06_11
deployment: Perimeter
signature severity: Major
tag: SSL_Malicious_Cert
updated at: 2019_07_26