################################################################
# abuse.ch Suricata JA3 Fingerprint Ruleset                    #
# For Suricata 4.1.0 or newer                                  #
# Last updated: 2021-08-03 14:33:44 UTC                        #
#                                                              #
# Terms Of Use: https://sslbl.abuse.ch/blacklist/              #
# For questions please contact sslbl [at] abuse.ch             #
################################################################
#
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"f6fd83a21f9f3c5f9ff7b5c63bbc179d"; reference:url, sslbl.abuse.ch/ja3-fingerprints/f6fd83a21f9f3c5f9ff7b5c63bbc179d/; sid:906200000; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Gozi)"; ja3_hash; content:"57f3642b4e37e28f5cbe3020c9331b4c"; reference:url, sslbl.abuse.ch/ja3-fingerprints/57f3642b4e37e28f5cbe3020c9331b4c/; sid:906200001; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"906004246f3ba5e755b043c057254a29"; reference:url, sslbl.abuse.ch/ja3-fingerprints/906004246f3ba5e755b043c057254a29/; sid:906200002; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"9f62c4f26b90d3d757bea609e82f2eaf"; reference:url, sslbl.abuse.ch/ja3-fingerprints/9f62c4f26b90d3d757bea609e82f2eaf/; sid:906200003; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"c50f6a8b9173676b47ba6085bd0c6cee"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c50f6a8b9173676b47ba6085bd0c6cee/; sid:906200004; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware)"; ja3_hash; content:"2d8794cb7b52b777bee2695e79c15760"; reference:url, sslbl.abuse.ch/ja3-fingerprints/2d8794cb7b52b777bee2695e79c15760/; sid:906200005; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"fd80fa9c6120cdeea8520510f3c644ac"; reference:url, sslbl.abuse.ch/ja3-fingerprints/fd80fa9c6120cdeea8520510f3c644ac/; sid:906200006; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Gozi)"; ja3_hash; content:"c201b92f8b483fa388be174d6689f534"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c201b92f8b483fa388be174d6689f534/; sid:906200007; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"b90bdbe961a648f0427db21aaa6ccb59"; reference:url, sslbl.abuse.ch/ja3-fingerprints/b90bdbe961a648f0427db21aaa6ccb59/; sid:906200008; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"7c410ce832e848a3321432c9a82e972b"; reference:url, sslbl.abuse.ch/ja3-fingerprints/7c410ce832e848a3321432c9a82e972b/; sid:906200009; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"96eba628dcb2b47607192ba74a3b55ba"; reference:url, sslbl.abuse.ch/ja3-fingerprints/96eba628dcb2b47607192ba74a3b55ba/; sid:906200010; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"9c2589e1c0e9f533a022c6205f9719e1"; reference:url, sslbl.abuse.ch/ja3-fingerprints/9c2589e1c0e9f533a022c6205f9719e1/; sid:906200011; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"849b04bdbd1d2b983f6e8a457e0632a8"; reference:url, sslbl.abuse.ch/ja3-fingerprints/849b04bdbd1d2b983f6e8a457e0632a8/; sid:906200012; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"590a232d04d56409fab72e752a8a2634"; reference:url, sslbl.abuse.ch/ja3-fingerprints/590a232d04d56409fab72e752a8a2634/; sid:906200013; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"5e573c9c9f8ba720ef9b18e9fce2e2f7"; reference:url, sslbl.abuse.ch/ja3-fingerprints/5e573c9c9f8ba720ef9b18e9fce2e2f7/; sid:906200014; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"93d056782d649deb51cda44ecb714bb0"; reference:url, sslbl.abuse.ch/ja3-fingerprints/93d056782d649deb51cda44ecb714bb0/; sid:906200015; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Dridex)"; ja3_hash; content:"d6f04b5a910115f4b50ecec09d40a1df"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d6f04b5a910115f4b50ecec09d40a1df/; sid:906200016; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"1543a7c46633acf71e8401baccbd0568"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1543a7c46633acf71e8401baccbd0568/; sid:906200017; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"16efcf0e00504ddfedde13bfea997952"; reference:url, sslbl.abuse.ch/ja3-fingerprints/16efcf0e00504ddfedde13bfea997952/; sid:906200018; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"7691297bcb20a41233fd0a0baa0a3628"; reference:url, sslbl.abuse.ch/ja3-fingerprints/7691297bcb20a41233fd0a0baa0a3628/; sid:906200019; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"92579701f145605e9edc0b01a901c6d5"; reference:url, sslbl.abuse.ch/ja3-fingerprints/92579701f145605e9edc0b01a901c6d5/; sid:906200020; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"b2b61db7b9490a60d270ccb20b462826"; reference:url, sslbl.abuse.ch/ja3-fingerprints/b2b61db7b9490a60d270ccb20b462826/; sid:906200021; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"4d7a28d6f2263ed61de88ca66eb011e3"; reference:url, sslbl.abuse.ch/ja3-fingerprints/4d7a28d6f2263ed61de88ca66eb011e3/; sid:906200022; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"46efd49abcca8ea9baa932da68fdb529"; reference:url, sslbl.abuse.ch/ja3-fingerprints/46efd49abcca8ea9baa932da68fdb529/; sid:906200023; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"e3b2ab1f9a56f2fb4c9248f2f41631fa"; reference:url, sslbl.abuse.ch/ja3-fingerprints/e3b2ab1f9a56f2fb4c9248f2f41631fa/; sid:906200024; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"098f55e27d8c4b0a590102cbdb3a5f3a"; reference:url, sslbl.abuse.ch/ja3-fingerprints/098f55e27d8c4b0a590102cbdb3a5f3a/; sid:906200025; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"fb00055a1196aeea8d1bc609885ba953"; reference:url, sslbl.abuse.ch/ja3-fingerprints/fb00055a1196aeea8d1bc609885ba953/; sid:906200026; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"17fd49722f8d11f3d76dce84f8e099a7"; reference:url, sslbl.abuse.ch/ja3-fingerprints/17fd49722f8d11f3d76dce84f8e099a7/; sid:906200027; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"03e186a7f83285e93341de478334006e"; reference:url, sslbl.abuse.ch/ja3-fingerprints/03e186a7f83285e93341de478334006e/; sid:906200028; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"911479ac8a0813ed1241b3686ccdade9"; reference:url, sslbl.abuse.ch/ja3-fingerprints/911479ac8a0813ed1241b3686ccdade9/; sid:906200029; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"7dcce5b76c8b17472d024758970a406b"; reference:url, sslbl.abuse.ch/ja3-fingerprints/7dcce5b76c8b17472d024758970a406b/; sid:906200030; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"35c0a31c481927f022a3b530255ac080"; reference:url, sslbl.abuse.ch/ja3-fingerprints/35c0a31c481927f022a3b530255ac080/; sid:906200031; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"df5c30e670dba99f9270ed36060cf054"; reference:url, sslbl.abuse.ch/ja3-fingerprints/df5c30e670dba99f9270ed36060cf054/; sid:906200032; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"d7150af4514b868defb854db0f62a441"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d7150af4514b868defb854db0f62a441/; sid:906200033; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"550dce18de1bb143e69d6dd9413b8355"; reference:url, sslbl.abuse.ch/ja3-fingerprints/550dce18de1bb143e69d6dd9413b8355/; sid:906200034; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TorrentLocker)"; ja3_hash; content:"1712287800ac91b34cadd5884ce85568"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1712287800ac91b34cadd5884ce85568/; sid:906200035; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"698e36219f3979420fa2581b21dac7ec"; reference:url, sslbl.abuse.ch/ja3-fingerprints/698e36219f3979420fa2581b21dac7ec/; sid:906200036; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"b13d01846ad7a14a70bf030a16775c78"; reference:url, sslbl.abuse.ch/ja3-fingerprints/b13d01846ad7a14a70bf030a16775c78/; sid:906200037; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"bc6c386f480ee97b9d9e52d472b772d8"; reference:url, sslbl.abuse.ch/ja3-fingerprints/bc6c386f480ee97b9d9e52d472b772d8/; sid:906200038; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (JBifrost)"; ja3_hash; content:"51a7ad14509fd614c7bb3a50c4982b8c"; reference:url, sslbl.abuse.ch/ja3-fingerprints/51a7ad14509fd614c7bb3a50c4982b8c/; sid:906200039; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"29085f03f8e8a03f0b399c5c7cf0b0b8"; reference:url, sslbl.abuse.ch/ja3-fingerprints/29085f03f8e8a03f0b399c5c7cf0b0b8/; sid:906200040; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"d551fafc4f40f1dec2bb45980bfa9492"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d551fafc4f40f1dec2bb45980bfa9492/; sid:906200041; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"b8f81673c0e1d29908346f3bab892b9b"; reference:url, sslbl.abuse.ch/ja3-fingerprints/b8f81673c0e1d29908346f3bab892b9b/; sid:906200042; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"83e04bc58d402f9633983cbf22724b02"; reference:url, sslbl.abuse.ch/ja3-fingerprints/83e04bc58d402f9633983cbf22724b02/; sid:906200043; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"e330bca99c8a5256ae126a55c4c725c5"; reference:url, sslbl.abuse.ch/ja3-fingerprints/e330bca99c8a5256ae126a55c4c725c5/; sid:906200044; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"3d89c0dfb1fa44911b8fa7523ef8dedb"; reference:url, sslbl.abuse.ch/ja3-fingerprints/3d89c0dfb1fa44911b8fa7523ef8dedb/; sid:906200045; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"8991a387e4cc841740f25d6f5139f92d"; reference:url, sslbl.abuse.ch/ja3-fingerprints/8991a387e4cc841740f25d6f5139f92d/; sid:906200046; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Dridex)"; ja3_hash; content:"b386946a5a44d1ddcc843bc75336dfce"; reference:url, sslbl.abuse.ch/ja3-fingerprints/b386946a5a44d1ddcc843bc75336dfce/; sid:906200047; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"a61299f9b501adcf680b9275d79d4ac6"; reference:url, sslbl.abuse.ch/ja3-fingerprints/a61299f9b501adcf680b9275d79d4ac6/; sid:906200048; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"d18a4da84af59e1108862a39bae7c9d4"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d18a4da84af59e1108862a39bae7c9d4/; sid:906200049; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"2092e1fffb45d7e4a19a57f9bc5e203a"; reference:url, sslbl.abuse.ch/ja3-fingerprints/2092e1fffb45d7e4a19a57f9bc5e203a/; sid:906200050; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"0cc1e84568e471aa1d62ad4158ade6b5"; reference:url, sslbl.abuse.ch/ja3-fingerprints/0cc1e84568e471aa1d62ad4158ade6b5/; sid:906200051; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adware)"; ja3_hash; content:"fb58831f892190644fe44e25bc830b45"; reference:url, sslbl.abuse.ch/ja3-fingerprints/fb58831f892190644fe44e25bc830b45/; sid:906200052; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"f22bdd57e3a52de86cda40da2d84e83b"; reference:url, sslbl.abuse.ch/ja3-fingerprints/f22bdd57e3a52de86cda40da2d84e83b/; sid:906200053; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"1d095e68489d3c535297cd8dffb06cb9"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1d095e68489d3c535297cd8dffb06cb9/; sid:906200054; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"8f6c918dcb585ebbea05e2cc94530e3d"; reference:url, sslbl.abuse.ch/ja3-fingerprints/8f6c918dcb585ebbea05e2cc94530e3d/; sid:906200055; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"d76ee64fb7273733cbe455ac81c292e6"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d76ee64fb7273733cbe455ac81c292e6/; sid:906200056; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"34f14a69ad7009ca5863379218af17f3"; reference:url, sslbl.abuse.ch/ja3-fingerprints/34f14a69ad7009ca5863379218af17f3/; sid:906200057; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Dridex)"; ja3_hash; content:"cb98a24ee4b9134448ffb5714fd870ac"; reference:url, sslbl.abuse.ch/ja3-fingerprints/cb98a24ee4b9134448ffb5714fd870ac/; sid:906200058; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Dridex)"; ja3_hash; content:"51c64c77e60f3980eea90869b68c58a8"; reference:url, sslbl.abuse.ch/ja3-fingerprints/51c64c77e60f3980eea90869b68c58a8/; sid:906200059; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adwind)"; ja3_hash; content:"decfb48a53789ebe081b88aabb58ee34"; reference:url, sslbl.abuse.ch/ja3-fingerprints/decfb48a53789ebe081b88aabb58ee34/; sid:906200060; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Adwind)"; ja3_hash; content:"d2935c58fe676744fecc8614ee5356c7"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d2935c58fe676744fecc8614ee5356c7/; sid:906200061; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"e62a5f4d538cbf169c2af71bec2399b4"; reference:url, sslbl.abuse.ch/ja3-fingerprints/e62a5f4d538cbf169c2af71bec2399b4/; sid:906200062; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Gootkit)"; ja3_hash; content:"c5235d3a8b9934b7fbbd204d50bc058d"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c5235d3a8b9934b7fbbd204d50bc058d/; sid:906200063; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Ransomware.Troldesh)"; ja3_hash; content:"1be3ecebe5aa9d3654e6e703d81f6928"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1be3ecebe5aa9d3654e6e703d81f6928/; sid:906200064; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Quakbot)"; ja3_hash; content:"7dd50e112cd23734a310b90f6f44a7cd"; reference:url, sslbl.abuse.ch/ja3-fingerprints/7dd50e112cd23734a310b90f6f44a7cd/; sid:906200065; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Quakbot)"; ja3_hash; content:"3cda52da4ade09f1f781ad2e82dcfa20"; reference:url, sslbl.abuse.ch/ja3-fingerprints/3cda52da4ade09f1f781ad2e82dcfa20/; sid:906200066; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"1aa7bf8b97e540ca5edd75f7b8384bfa"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1aa7bf8b97e540ca5edd75f7b8384bfa/; sid:906200067; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (CoinMiner)"; ja3_hash; content:"40adfd923eb82b89d8836ba37a19bca1"; reference:url, sslbl.abuse.ch/ja3-fingerprints/40adfd923eb82b89d8836ba37a19bca1/; sid:906200068; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"f735bbc6b69723b9df7b0e7ef27872af"; reference:url, sslbl.abuse.ch/ja3-fingerprints/f735bbc6b69723b9df7b0e7ef27872af/; sid:906200069; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"1fe4c7a3544eb27afec2adfb3a3dbf60"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1fe4c7a3544eb27afec2adfb3a3dbf60/; sid:906200070; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"e7643725fcff971e3051fe0e47fc2c71"; reference:url, sslbl.abuse.ch/ja3-fingerprints/e7643725fcff971e3051fe0e47fc2c71/; sid:906200071; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"49ed2ef3f1321e5f044f1e71b0e6fdd5"; reference:url, sslbl.abuse.ch/ja3-fingerprints/49ed2ef3f1321e5f044f1e71b0e6fdd5/; sid:906200072; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"70a04365be5bbd4653698bebeb43ce68"; reference:url, sslbl.abuse.ch/ja3-fingerprints/70a04365be5bbd4653698bebeb43ce68/; sid:906200073; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (None)"; ja3_hash; content:"7a29c223fb122ec64d10f0a159e07996"; reference:url, sslbl.abuse.ch/ja3-fingerprints/7a29c223fb122ec64d10f0a159e07996/; sid:906200074; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"807fca46d9d0cf63adf4e5e80e414bbe"; reference:url, sslbl.abuse.ch/ja3-fingerprints/807fca46d9d0cf63adf4e5e80e414bbe/; sid:906200075; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"1aee0238942d453d679fc1e37a303387"; reference:url, sslbl.abuse.ch/ja3-fingerprints/1aee0238942d453d679fc1e37a303387/; sid:906200076; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"c5deb9465d47232dd48772f9c4d14679"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c5deb9465d47232dd48772f9c4d14679/; sid:906200077; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"52c7396a501e4fecbdfa99c5408334ac"; reference:url, sslbl.abuse.ch/ja3-fingerprints/52c7396a501e4fecbdfa99c5408334ac/; sid:906200078; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"d81d654effb94714a4086734fa0adad9"; reference:url, sslbl.abuse.ch/ja3-fingerprints/d81d654effb94714a4086734fa0adad9/; sid:906200079; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"dff8a0aa1c904aaea76c5bf624e88333"; reference:url, sslbl.abuse.ch/ja3-fingerprints/dff8a0aa1c904aaea76c5bf624e88333/; sid:906200080; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"32926ca3e59f0413d0b98725454594f5"; reference:url, sslbl.abuse.ch/ja3-fingerprints/32926ca3e59f0413d0b98725454594f5/; sid:906200081; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"8f52d1ce303fb4a6515836aec3cc16b1"; reference:url, sslbl.abuse.ch/ja3-fingerprints/8f52d1ce303fb4a6515836aec3cc16b1/; sid:906200082; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"08a8a4e85b25ac42e1490bc85cfdb5ce"; reference:url, sslbl.abuse.ch/ja3-fingerprints/08a8a4e85b25ac42e1490bc85cfdb5ce/; sid:906200083; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"c0220cd64849a629397a9cb68f78a0ea"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c0220cd64849a629397a9cb68f78a0ea/; sid:906200084; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"da949afd9bd6df820730f8f171584a71"; reference:url, sslbl.abuse.ch/ja3-fingerprints/da949afd9bd6df820730f8f171584a71/; sid:906200085; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"534ce2dbc413c68e908363b5df0ae5e0"; reference:url, sslbl.abuse.ch/ja3-fingerprints/534ce2dbc413c68e908363b5df0ae5e0/; sid:906200086; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"bffa4501966196d3d6e90cee1f88fc89"; reference:url, sslbl.abuse.ch/ja3-fingerprints/bffa4501966196d3d6e90cee1f88fc89/; sid:906200087; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"70722097d1fe1d78d8c2164640ab6df4"; reference:url, sslbl.abuse.ch/ja3-fingerprints/70722097d1fe1d78d8c2164640ab6df4/; sid:906200088; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"ffefafdb86336d057eda5fdf02b3d5ce"; reference:url, sslbl.abuse.ch/ja3-fingerprints/ffefafdb86336d057eda5fdf02b3d5ce/; sid:906200089; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"a50a861119aceb0ccc74902e8fddb618"; reference:url, sslbl.abuse.ch/ja3-fingerprints/a50a861119aceb0ccc74902e8fddb618/; sid:906200090; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"25d74b7b4b779eb1efd4b31d26d651c6"; reference:url, sslbl.abuse.ch/ja3-fingerprints/25d74b7b4b779eb1efd4b31d26d651c6/; sid:906200091; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"c2b4710c6888a5d47befe865c8e6fb19"; reference:url, sslbl.abuse.ch/ja3-fingerprints/c2b4710c6888a5d47befe865c8e6fb19/; sid:906200092; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"; ja3_hash; content:"fc2299d5b2964cd242c5a2c8c531a5f0"; reference:url, sslbl.abuse.ch/ja3-fingerprints/fc2299d5b2964cd242c5a2c8c531a5f0/; sid:906200093; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (TrickBot)"; ja3_hash; content:"8916410db85077a5460817142dcbc8de"; reference:url, sslbl.abuse.ch/ja3-fingerprints/8916410db85077a5460817142dcbc8de/; sid:906200094; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (BitRAT)"; ja3_hash; content:"8515076cbbca9dce33151b798f782456"; reference:url, sslbl.abuse.ch/ja3-fingerprints/8515076cbbca9dce33151b798f782456/; sid:906200095; rev:1;)
alert tls any any -> any any (msg:"SSLBL: Malicious JA3 SSL-Client Fingerprint detected (AsyncRAT)"; ja3_hash; content:"fc54e0d16d9764783542f0146a98b300"; reference:url, sslbl.abuse.ch/ja3-fingerprints/fc54e0d16d9764783542f0146a98b300/; sid:906200096; rev:1;)
# END (97) entries