🐾 - 🚨 Suspicious TLS Certificate - Possible malicious server linked to BlackByte Ransomware 🔒

SID: 3300661Rev: 22 views
Sourcepawpatrules
CreatedFebruary 15, 2022
UpdatedDecember 3, 2022
Classificationtrojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TLS Certificate - Possible malicious server linked to BlackByte Ransomware 🔒"; flow:to_client, stateless; tls.cert_subject; content:"CN=BitTorrent"; nocase; content:"L=San Francisco"; fast_pattern; content:"ST=CA"; content:"O=BitTorrent"; content:"C=US"; reference:url,https://www.ic3.gov/Media/News/2022/220211.pdf; reference:url,https://www.shodan.io/search?query=ssl%3ACN%3DBitTorrent; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.blackbyte; metadata:created_at 2022_02_15, updated_at 2022_12_03; sid:3300661; rev:2; classtype:trojan-activity;)

References

urlhttps://www.ic3.gov/Media/News/2022/220211.pdf
urlhttps://www.shodan.io/search?query=ssl%3ACN%3DBitTorrent
urlhttps://malpedia.caad.fkie.fraunhofer.de/details/win.blackbyte

Metadata

created at2022_02_15
updated at2022_12_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!