ET INFO Possible Windows Binary Observed in SSL/TLS Certificate
Sourceet/open
Fileemerging-info.rules
CreatedFebruary 6, 2018
UpdatedMarch 27, 2024
Classificationmisc-attack
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Possible Windows Binary Observed in SSL/TLS Certificate"; flow:established,to_client ; tls.certs; bsize:>768; content:"This program cannot be run in DOS mode"; nocase; reference:url,www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities ; classtype:misc-attack; sid:2025315; rev:4; metadata:attack_target Client_Endpoint, created_at 2018_02_06, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_27;)
Metadata
attack targetClient_Endpoint
created at2018_02_06
deploymentPerimeter
confidenceMedium
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_27
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!