I would like to report that Videolan still uses the certificate with serial number 0x0407ABB64E9990180789EACB81F5F914 (matching the yara rule rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914) on the lastest versions of vlc.exe.
Moreover an OCSP request for this certificate returns a valid status.
openssl ocsp -issuer DigiCertSHA2AssuredIDCodeSigningCA.crt.pem -serial 0x0407ABB64E9990180789EACB81F5F914 -url http://ocsp.digicert.com/
WARNING: no nonce in response
Response verify OK
0x0407ABB64E9990180789EACB81F5F914: good
This Update: Oct 17 10:33:01 2022 GMT
Next Update: Oct 24 09:48:01 2022 GMT
Is there any evidence that the cert was "stolen, revoked or invalid"?
If you have such evidence I think you should immediately communicated it to Videolan to make them stop using the certififcate
Hello,
I would like to report that Videolan still uses the certificate with serial number 0x0407ABB64E9990180789EACB81F5F914 (matching the yara rule rule INDICATOR_KB_CERT_0407abb64e9990180789eacb81f5f914) on the lastest versions of vlc.exe.
Moreover an OCSP request for this certificate returns a valid status.
Is there any evidence that the cert was "stolen, revoked or invalid"?
If you have such evidence I think you should immediately communicated it to Videolan to make them stop using the certififcate
Thank you so much for your kind atention.