Versions (4)
Version DetailsCurrent
Rev: 4 • Feb 23, 2016, 12:00 PMET MALWARE Ransomware Locky .onion Payment Domain
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Ransomware Locky .onion Payment Domain"; dns.query; content:"twbers4hmi6dx65f"; depth:16; fast_pattern; nocase; reference:url,www.hybrid-analysis.com/sample/02b21d4a90a2a50506711a9c120b1e51f77084eba25688f7db2b9571037465dc?environmentId=1; classtype:trojan-activity; sid:2022560; rev:4; metadata:attack_target Client_Endpoint, created_at 2016_02_23, deployment Perimeter, confidence High, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_01, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)
Feb 23, 2016, 12:00 PM
Sep 1, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 13, 2025, 9:34 PM
rules/emerging-malware.rules