ET REMOTE_ACCESS SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software)
Sourceet/open
Fileemerging-remote_access.rules
CreatedJuly 26, 2019
UpdatedJune 10, 2024
Classificationmisc-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET REMOTE_ACCESS SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software)"; flow:established,to_client ; threshold:type limit, track by_dst, count 1, seconds 600 ; tls.cert_subject; content:"C=DE, O=philandro Software GmbH, CN=AnyNet Relay" ; endswith; fast_pattern; reference:md5,1501639af59b0ff39d41577af30367cf ; reference:url,jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf ; classtype:misc-activity; sid:2027761; rev:6; metadata:attack_target Client_Endpoint, created_at 2019_07_26, deployment Perimeter, former_category POLICY, malware_family AnyDesk, performance_impact Low, confidence High, signature_severity Informational, tag RemoteAccessTool, updated_at 2024_06_10;)
References
| md5 | 1501639af59b0ff39d41577af30367cf |
| url | jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf |
Metadata
attack targetClient_Endpoint
created at2019_07_26
deploymentPerimeter
former categoryPOLICY
malware familyAnyDesk
performance impactLow
confidenceHigh
signature severityInformational
tagRemoteAccessTool
updated at2024_06_10
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!