🐾 - 🚨 Suspicious TLS Certificate - Possible Emotet 👿 C2 Server

SID: 3300659Rev: 52 views
Sourcepawpatrules
CreatedNovember 24, 2021
UpdatedDecember 3, 2022
Classificationtrojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TLS Certificate - Possible Emotet 👿 C2 Server"; flow:to_client, stateless; tls.cert_subject; content:"CN=example.com"; nocase; content:"L=London"; content:"ST=London"; content:"O=Global Security"; fast_pattern; content:"C=GB"; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.emotet; metadata:created_at 2021_11_24, updated_at 2022_12_03; sid:3300659; rev:5; classtype:trojan-activity;)

References

urlhttps://malpedia.caad.fkie.fraunhofer.de/details/win.emotet

Metadata

created at2021_11_24
updated at2022_12_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!