ET MALWARE REvil Exfil SFTP Certificate Inbound

7.0.35.0SID: 2033205Rev: 2Enabled0 views
Sourceet/open
Fileemerging-malware.rules
CreatedJune 30, 2021
UpdatedMarch 7, 2024
Classificationtargeted-activity
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE REvil Exfil SFTP Certificate Inbound"; flow:established,to_client; content:"Kanzas City"; nocase; fast_pattern; content:"System IT Inc"; content:"|55 04 03|"; content:"|06|server"; distance:1; within:7; reference:url,thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/; classtype:targeted-activity; sid:2033205; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_06_30, deployment Perimeter, malware_family Ransomware, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07, reviewed_at 2024_05_06;)

Metadata

attack targetClient_Endpoint
created at2021_06_30
deploymentPerimeter
malware familyRansomware
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_07
reviewed at2024_05_06

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!