ET INFO Observed Lets Encrypt Certificate for Suspicious TLD (.top)

SID: 2029257Rev: 30 views
History
Sourceet/open
CreatedJanuary 13, 2020
UpdatedOctober 27, 2020
Classificationbad-unknown
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Observed Lets Encrypt Certificate for Suspicious TLD (.top)"; flow:established,to_client; tls.cert_subject; content:".top"; endswith; tls.cert_issuer; content:"Lets Encrypt"; classtype:bad-unknown; sid:2029257; rev:3; metadata:created_at 2020_01_13, deployment Perimeter, performance_impact Low, confidence High, signature_severity Minor, updated_at 2020_10_27;)

Metadata

created at2020_01_13
deploymentPerimeter
performance impactLow
confidenceHigh
signature severityMinor
updated at2020_10_27

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!