ET MALWARE Possible Chimera Ransomware - Bitmessage Activity - Suricata Rule 2022075 (et/open)

ET MALWARE Possible Chimera Ransomware - Bitmessage Activity

SID: 2022075Rev: 10 viewsHistory

Sourceet/open

CreatedNovember 12, 2015

UpdatedJuly 26, 2019

Classificationpolicy-violation

alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"ET MALWARE Possible Chimera Ransomware - Bitmessage Activity"; flow:established,to_server; content:"version"; offset:4; depth:7; content:"Bitmessage|3a|"; distance:0; reference:md5,b66a864255ad796cf1e82f973f67f556; reference:url,reaqta.com/2015/11/diving-into-chimera-ransomware/; classtype:policy-violation; sid:2022075; rev:1; metadata:attack_target Client_Endpoint, created_at 2015_11_12, deployment Perimeter, confidence Medium, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)

References

md5	b66a864255ad796cf1e82f973f67f556 Google Search Brave Search
url	reaqta.com/2015/11/diving-into-chimera-ransomware/

Metadata

attack targetClient_Endpoint

created at2015_11_12

deploymentPerimeter

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

mitre tactic idTA0040

mitre tactic nameImpact

mitre technique idT1486

mitre technique nameData_Encrypted_for_Impact

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!