🐾 - 🚨 Tox chat client flow detected - used in particular by 🔒 Lockbit 3.0 group

SID: 3300294Rev: 146 views
Sourcepawpatrules
CreatedAugust 23, 2022
UpdatedAugust 23, 2022
Classificationpolicy-violation
alert ip any any -> 205.185.115.131 53 (msg:"🐾 - 🚨 Tox chat client flow detected - used in particular by 🔒 Lockbit 3.0 group"; flow:to_server, stateless; app-layer-protocol:!dns; threshold:type limit, track by_src, seconds 60, count 1; reference:url,https://www.joesandbox.com/analysis/671436/0/html#av-urls; reference:url,https://www.joesandbox.com/analysis/669602/0/html#av-urls; reference:url,https://tox.chat/; reference:url,https://www.itpro.co.uk/security/ransomware/368418/latest-lockbit-ransomware-strain-strikingly-similar-to-blackmatter; reference:url,https://www.zataz.com/lockbit-3-0-des-pirates-aux-centaines-de-piratage/; metadata:created_at 2022_08_23, updated_at 2022_08_23; sid:3300294; rev:1; classtype:policy-violation;)

References

urlhttps://www.joesandbox.com/analysis/671436/0/html#av-urls
urlhttps://www.joesandbox.com/analysis/669602/0/html#av-urls
urlhttps://tox.chat/
urlhttps://www.itpro.co.uk/security/ransomware/368418/latest-lockbit-ransomware-strain-strikingly-similar-to-blackmatter
urlhttps://www.zataz.com/lockbit-3-0-des-pirates-aux-centaines-de-piratage/

Metadata

created at2022_08_23
updated at2022_08_23

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!