🐾 - 🚨 Self signed TLS Certificate + JA3S seen in Windows 10 🪟 compromised by Emotet 👿
Source: pawpatrules
Created: March 24, 2023
Updated: March 24, 2023
Classification: trojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Self signed TLS Certificate + JA3S seen in Windows 10 🪟 compromised by Emotet 👿"; flow:to_client, stateless; tls.cert_subject; content:"CN=example.com"; nocase; content:"L=London"; content:"ST=London"; content:"O=Global Security"; fast_pattern; content:"C=GB"; ja3s.hash; content:"70999de61602be74d4b25185843bd18e"; tls.cert_issuer; content:"CN=example.com"; nocase; content:"L=London"; content:"ST=London"; content:"O=Global Security"; content:"C=GB"; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.emotet; reference:url,https://beta.onyphe.io/docs/use-cases/discovering-an-unknown-infrastructure; metadata:created_at 2023_03_24, updated_at 2023_03_24; sid:3300688; rev:1; classtype:trojan-activity;)
References
Metadata
created at: 2023_03_24
updated at: 2023_03_24