Versions (5)
Version DetailsCurrent
Rev: 2 • Oct 19, 2021, 12:00 PMET MALWARE [CISA AA21-291A] Possible BlackMatter Ransomware Lateral Movement
alert tcp any any -> [$HOME_NET,$HTTP_SERVERS] 445 (msg:"ET MALWARE [CISA AA21-291A] Possible BlackMatter Ransomware Lateral Movement"; content:"|01 00 00 00 00 00 05 00 01 00|"; content:"|2e 00 52 00 45 00 41 00 44 00 4d 00 45 00 2e 00 74 00|"; distance:100; fast_pattern; detection_filter:track by_src, count 4, seconds 1; classtype:command-and-control; sid:2034225; rev:2; metadata:attack_target Client_Endpoint, created_at 2021_10_19, deployment Perimeter, deployment Internal, malware_family BlackMatter, confidence Medium, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_10_19, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1570, mitre_technique_name Lateral_Tool_Transfer;)
Oct 19, 2021, 12:00 PM
Oct 19, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 8, 2025, 9:34 PM
rules/emerging-malware.rules