🐾 - 🚨 Suspicious OpenSSL demo TLS Certificate with the same informations in subject and issuer including > Internet Widgits Pty Ltd - Possible Trickbot or BumbleBee 👿 C2 Server - Suricata Rule 3300671 (pawpatrules)

🐾 - 🚨 Suspicious OpenSSL demo TLS Certificate with the same informations in subject and issuer including > Internet Widgits Pty Ltd - Possible Trickbot or BumbleBee 👿 C2 Server

SID: 3300671Rev: 31 views

Sourcepawpatrules

CreatedApril 2, 2022

UpdatedDecember 6, 2022

Classificationtrojan-activity

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious OpenSSL demo TLS Certificate with the same informations in subject and issuer including > Internet Widgits Pty Ltd - Possible Trickbot or BumbleBee 👿 C2 Server"; flow:established,to_client; tls.cert_subject; content:"C=AU"; content:"ST=Some-State"; content:"O=Internet Widgits Pty Ltd"; tls.cert_issuer; content:"C=AU"; content:"ST=Some-State"; content:"O=Internet Widgits Pty Ltd"; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.trickbot; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.bumblebee; metadata:created_at 2022_04_02, updated_at 2022_12_06; sid:3300671; rev:3; classtype:trojan-activity;)

References

url	https://malpedia.caad.fkie.fraunhofer.de/details/win.trickbot
url	https://malpedia.caad.fkie.fraunhofer.de/details/win.bumblebee

🐾 - 🚨 Suspicious OpenSSL demo TLS Certificate with the same informations in subject and issuer including > Internet Widgits Pty Ltd - Possible Trickbot or BumbleBee 👿 C2 Server

References

Metadata

Comments (0)