alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC?)"; flow:established,to_client; tls_cert_subject; content:"CN=craypot.live"; nocase; isdataat:!1,relative; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users; classtype:trojan-activity; sid:2029006; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, created_at 2019_11_20, deployment Perimeter, former_category MALWARE, malware_family NukeSped?, performance_impact Low, signature_severity Major, updated_at 2019_11_20;)

Added 2020-08-05 19:17:12 UTC

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC?)"; flow:established,to_client; tls_cert_subject; content:"CN=craypot.live"; nocase; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users; classtype:trojan-activity; sid:2029006; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_11_20, malware_family NukeSped?, performance_impact Low, updated_at 2019_11_20;)

Added 2019-11-20 21:20:02 UTC

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OSX/Nukesped CnC?)"; flow:established,to_client; tls_cert_subject; content:"CN=craypot.live"; nocase; isdataat:!1,relative; metadata: former_category MALWARE; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users; classtype:trojan-activity; sid:2029006; rev:2; metadata:affected_product Mac_OSX, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_11_20, malware_family NukeSped?, performance_impact Low, updated_at 2019_11_20;)

Added 2019-11-20 19:20:23 UTC