ET REMOTE_ACCESS AnyDesk Revoked Code Signing Certificate Observed

7.0.35.0SID: 2050707Rev: 2Enabled14 views
Sourceet/open
Fileemerging-remote_access.rules
CreatedFebruary 5, 2024
UpdatedJune 10, 2024
Classificationmisc-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET REMOTE_ACCESS AnyDesk Revoked Code Signing Certificate Observed"; flow:established,to_client; content:"|30 82|"; content:"|0D BF 15 2D EA F0 B9 81 A8 A9 38 D5 3F 76 9D B8|"; distance:9; within:16; fast_pattern; content:"|1e 17 0d|211213000000Z|17 0d|250108235959Z0"; distance:123; within:32; content:"philandro Software GmbH"; distance:75; within:23; reference:url,anydesk.com/en/public-statement; classtype:misc-activity; sid:2050707; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, attack_target Client_Endpoint, created_at 2024_02_05, deployment Perimeter, deployment SSLDecrypt, former_category INFO, performance_impact Low, confidence High, signature_severity Informational, updated_at 2024_06_10; target:dest_ip;)

Metadata

affected productWindows_11
attack targetClient_Endpoint
created at2024_02_05
deploymentSSLDecrypt
former categoryINFO
performance impactLow
confidenceHigh
signature severityInformational
updated at2024_06_10

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!