detection icon indicating copy to clipboard operation
detection copied to clipboard
verified publisher icon ditekshen

Rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914

Open madibon opened this issue 3 years ago • 0 comments

Hello,

I would like to report that Videolan still uses the certificate with serial number 0x0407ABB64E9990180789EACB81F5F914 (matching the yara rule rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914) on the lastest versions of vlc.exe.

Moreover an OCSP request for this certificate returns a valid status.

openssl ocsp -issuer DigiCertSHA2AssuredIDCodeSigningCA.crt.pem -serial 0x0407ABB64E9990180789EACB81F5F914 -url http://ocsp.digicert.com/
WARNING: no nonce in response
Response verify OK
0x0407ABB64E9990180789EACB81F5F914: good
    This Update: Oct 17 10:33:01 2022 GMT
    Next Update: Oct 24 09:48:01 2022 GMT

Is there any evidence that the cert was "stolen, revoked or invalid"?

If you have such evidence I think you should immediately communicated it to Videolan to make them stop using the certififcate

Thank you so much for your kind atention.

madibon avatar Oct 18 '22 16:10 madibon