🐾 - 🚨 Suspicious TLS Certificate - Possible Camaro Dragon 🐉 C2 Server
Source: pawpatrules
Created: May 30, 2023
Updated: May 30, 2023
Classification: trojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Suspicious TLS Certificate - Possible Camaro Dragon 🐉 C2 Server"; flow:to_client, stateless; tls.cert_subject; content:"C=US"; nocase; content:"ST=CA"; content:"L=San Francisco"; content:"CN=blue.net"; tls.cert_issuer; content:"C=US"; nocase; content:"ST=CA"; content:"L=San Francisco"; content:"CN=blue.net"; reference:url,https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/; reference:url,https://decoded.avast.io/threatintel/apt-treasure-trove-avast-suspects-chinese-apt-group-mustang-panda-is-collecting-data-from-burmese-government-agencies-and-opposition-groups/; metadata:created_at 2023_05_30, updated_at 2023_05_30; sid:3300689; rev:1; classtype:trojan-activity;)
References
Metadata
created at: 2023_05_30
updated at: 2023_05_30