Versions (4)
Version DetailsCurrent
Rev: 2 • Nov 29, 2022, 12:00 PMET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com)
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Observed DNS Query to W32/Filecoder.KY!tr.ransom Domain (ec2-3-125-223-134 .eu-central-1 .compute .amazonaws .com)"; dns.query; content:"ec2-3-125-223-134.eu-central-1.compute.amazonaws.com"; nocase; bsize:52; reference:url,www.fortinet.com/blog/threat-research/Ransomware-Roundup-Cryptonite-Ransomware; classtype:trojan-activity; sid:2040351; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_11_29, deployment Perimeter, deprecation_reason Age, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_08_29, reviewed_at 2023_08_29;)
Nov 29, 2022, 12:00 PM
Aug 29, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 27, 2025, 9:35 PM
rules/emerging-malware.rules