EmergingThreats> Main Web>2029006 (2019-11-21, TWikiGuest) EditAttach

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC?)"; flow:established,to_client; tls_cert_subject; content:"CN=craypot.live"; nocase; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users; classtype:trojan-activity; sid:2029006; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_11_20, malware_family NukeSped?, performance_impact Low, updated_at 2019_11_20;)

Added 2019-11-20 21:20:02 UTC

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC?)"; flow:established,to_client; tls_cert_subject; content:"CN=craypot.live"; nocase; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users; classtype:trojan-activity; sid:2029006; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_11_20, malware_family NukeSped?, performance_impact Low, updated_at 2019_11_20;)

Added 2019-11-20 19:20:23 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r1 - 2019-11-21 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats