"ET TROJAN Meterpreter or Other Reverse Shell SSL Cert"
SID: 2035651
Revision: 2
Class Type: trojan-activity
Metadata: attack_target Client_Endpoint, created_at 2015_09_22, deployment Perimeter, signature_severity Major, tag SSL_Malicious_Cert, updated_at 2015_12_16
Reference:
- md5, c3f76f444edf0b90b887d7979342e9f0
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,from_server
Contents:
- Value: "|0b|"
- Value: "|04 08 bb 00 ee|"
- Value: "|55 04 06 13 00|"
- Value: "|55 04 08 13 00|"
- Value: "|55 04 07 13 00|"
- Value: "|55 04 0a 13 00|"
- Value: "|55 04 0b 13 00|"
- Value: "|55 04 03 13 00|"
  Within: 5
PCRE:
Special Options:
- fast_pattern