Versions (3)
Version DetailsCurrent
Rev: 2 • Oct 14, 2019, 12:00 PMET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware"; ja3_hash; content:"1be3ecebe5aa9d3654e6e703d81f6928"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028760; rev:2; metadata:attack_target Client_Endpoint, created_at 2019_10_14, deployment Perimeter, confidence Low, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_29, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)
Oct 14, 2019, 12:00 PM
Oct 29, 2019, 12:00 PM
Oct 14, 2019, 12:00 PM
Sep 22, 2025, 9:34 PM
rules/emerging-ja3.rules