APT1-Related SSL Certificate Detected

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

An SSL certificate used in a malware-based command and control
infrastructure was detected on the remote host.

Description :

An SSL certificate associated with the group known as APT1 was
detected on the remote host. APT1's command and control
infrastructure uses several self-signed certificates to encrypt
communications in their command and control infrastructure. The
remote host appears to be using one of these certificates, which
indicates it may have been compromised.

See also :


Solution :

Determine if the system has been compromised, restore from a set of
known good backups if necessary, and investigate your network for further
signs of a breach.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: General

Nessus Plugin ID: 64688 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now