🐾 - 🚨 Suspicious TLS Certificate - 🎛 Possible IceID C2 - Conti 🔒 Ransomware

SID: 3300654
Rev: 5
Source: pawpatrules
Created: May 14, 2021
Updated: December 3, 2022
Classification: trojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TLS Certificate - 🎛 Possible IceID C2 - Conti 🔒 Ransomware"; flow:to_client, stateless; tls.cert_subject; content:"CN=localhost"; nocase; content:"L=AU"; content:"ST=Some-State"; nocase; content:"O=Internet Widgits Pty Ltd"; fast_pattern; nocase; reference:url,https://thedfirreport.com/2021/05/12/conti-ransomware/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.conti; metadata:created_at 2021_05_14, updated_at 2022_12_03; sid:3300654; rev:5; classtype:trojan-activity;)

Metadata

created at: 2021_05_14
updated at: 2022_12_03
