Versions (3)
Version DetailsCurrent
Rev: 6 • Apr 6, 2013, 12:00 PMET MALWARE Revoyem Ransomware Check-in
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Revoyem Ransomware Check-in"; flow:established,to_server; http.uri; content:".php?id="; content:"&os="; content:"&bot_id="; fast_pattern; pcre:"/\.php\?id=[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}&os=\d\.\d[^&]*&bot_id=/"; reference:url,www.botnets.fr/index.php/Revoyem; classtype:trojan-activity; sid:2016731; rev:6; metadata:attack_target Client_Endpoint, created_at 2013_04_06, deployment Perimeter, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_18, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)
Apr 6, 2013, 12:00 PM
Sep 18, 2020, 12:00 PM
Apr 6, 2013, 12:00 PM
Dec 2, 2025, 11:34 PM
rules/emerging-malware.rules