alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious SSLv3 connection seen in 🔒 REvil / Sodinokibi ransomware attack"; flow:to_server, stateless; ssl_version:sslv3; ja3.hash; content:"79c9e26fe870347aca15a4b6b6aea6d0"; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.revil; metadata:created_at 2023_11_18, updated_at 2023_11_18; sid:3301091; rev:1; classtype:trojan-activity;)
| Metadata | |
|---|---|
| created_at | 2023_11_18 |
| updated_at | 2023_11_18 |