alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Ixeshe CnC?)"; flow:established,from_server; content:"|09 00 b5 c7 52 c9 87 81 b5 03|"; content:"|55 04 03|"; distance:0; content:"|09|localhost"; distance:1; within:10; reference:url,sslbl.abuse.ch; classtype:trojan-activity; sid:2022960; rev:2;)

Added 2016-07-11 18:12:44 UTC


Topic revision: r1 - 2016-07-11 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats