ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed

SID: 2026539
Rev: 3
Source: et/open
Created: October 24, 2018
Updated: August 27, 2020
Classification: targeted-activity

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Possible APT28 DOC Uploader SSL/TLS Certificate Observed"; flow:established,to_client; tls.cert_subject; content:"CN=mvtband.net"; tls.cert_issuer; content:"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"; tls.cert_serial; content:"03:04:FF:5D:C9:BB:AC:50:C1:7B:3E:4C:1C:68:26:15:F0:3E"; reference:md5,9b10685b774a783eabfecdb6119a8aa3; classtype:targeted-activity; sid:2026539; rev:3; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2018_10_24, deployment Perimeter, confidence High, signature_severity Major, tag APT28, updated_at 2020_08_27;)

References

md5: 9b10685b774a783eabfecdb6119a8aa3

Metadata

affected product: Windows_XP_Vista_7_8_10_Server_32_64_Bit
attack target: Client_Endpoint
created at: 2018_10_24
deployment: Perimeter
confidence: High
signature severity: Major
tag: APT28
updated at: 2020_08_27
