ET MALWARE 7ev3n Ransomware Related Activity (GET)
Sourceet/open
Fileemerging-malware.rules
CreatedDecember 13, 2022
UpdatedMarch 26, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE 7ev3n Ransomware Related Activity (GET)"; flow:established,to_server ; http.method; content:"GET"; http.uri; bsize:58; content:"/q/getreceivedbyaddress/1Lud76Q98VRHCUiyK7XUs7AgFofrqXeP78"; fast_pattern; http.host; bsize:15; content:"blockchain.info"; http.user_agent; bsize:17; content:"Internet Explorer"; reference:url,twitter.com/James_inthe_box/status/1602405602965475329 ; reference:md5,e4bac3dc658debc435eb3a5ad415ab96 ; reference:md5,958c7b963bb4e53581e669337d93ad38 ; reference:md5,40852a31e32ba7021533250ca31d024d ; classtype:trojan-activity; sid:2042767; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_12_13, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_26, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)
References
| url | twitter.com/James_inthe_box/status/1602405602965475329 |
| md5 | e4bac3dc658debc435eb3a5ad415ab96 |
| md5 | 958c7b963bb4e53581e669337d93ad38 |
| md5 | 40852a31e32ba7021533250ca31d024d |
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!