ET MALWARE CozyDuke APT Possible SSL Cert 8
Sourceet/open
Fileemerging-malware.rules
CreatedApril 22, 2015
UpdatedApril 12, 2024
Classificationtargeted-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE CozyDuke APT Possible SSL Cert 8"; flow:established,to_client ; tls.cert_serial; content:"5f:31" ; startswith; tls.cert_subject; content:"C=--"; startswith; content:"SomeCity"; distance:0; content:"root@localhost.localdomain"; fast_pattern; reference:md5,f58a4369b8176edbde4396dc977c9008 ; reference:url,www.symantec.com/security_response/writeup.jsp?docid=2015-030500-0430-99 ; reference:url,securelist.com/blog/69731/the-cozyduke-apt/ ; classtype:targeted-activity; sid:2020974; rev:6; metadata:attack_target Client_Endpoint, created_at 2015_04_22, deployment Perimeter, confidence Medium, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2024_04_12;)
References
| md5 | f58a4369b8176edbde4396dc977c9008 |
| url | www.symantec.com/security_response/writeup.jsp?docid=2015-030500-0430-99 |
| url | securelist.com/blog/69731/the-cozyduke-apt/ |
Metadata
attack targetClient_Endpoint
created at2015_04_22
deploymentPerimeter
confidenceMedium
signature severityMajor
tagSSL_Malicious_Cert
updated at2024_04_12
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!