ET MALWARE AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs
Sourceet/open
Fileemerging-malware.rules
CreatedNovember 3, 2014
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert tls [195.22.26.192/26,195.22.28.192/27,195.38.137.100,195.22.4.21,195.157.15.100,212.61.180.100] 443 -> $HOME_NET any (msg:"ET MALWARE AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs"; flow:established,to_client ; flowbits:isnotset,ET.invalid.cab ; tls.cert_subject; content:"CN=lolcat"; fast_pattern; classtype:trojan-activity; sid:2019628; rev:7; metadata:attack_target Client_Endpoint, created_at 2014_11_03, deployment Perimeter, confidence High, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_03_14;)
Metadata
attack targetClient_Endpoint
created at2014_11_03
deploymentPerimeter
confidenceHigh
signature severityMajor
tagSSL_Malicious_Cert
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!