ET HUNTING Valve Steam Store Domain in TLS SNI (store .steampowered .com)

SID: 2063969Rev: 50 views
History
Sourceet/open
CreatedAugust 11, 2025
UpdatedOctober 1, 2025
Classificationmisc-activity
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET HUNTING Valve Steam Store Domain in TLS SNI (store .steampowered .com)"; flow:established,to_server; tls.sni; bsize:24; content:"store.steampowered.com"; fast_pattern; reference:url,community.emergingthreats.net/t/vidar-stealer-picks-up-steam/271; classtype:misc-activity; sid:2063969; rev:5; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_08_11, deployment Perimeter, former_category MALWARE, performance_impact Low, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_10_01; target:src_ip;)

References

urlcommunity.emergingthreats.net/t/vidar-stealer-picks-up-steam/271

Metadata

attack targetClient_Endpoint
tls stateplaintext
created at2025_08_11
deploymentPerimeter
former categoryMALWARE
performance impactLow
confidenceHigh
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2025_10_01

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!