ET MALWARE Ransomware Locky CnC Beacon

SID: 2022538Rev: 71 views
History
Sourceet/open
CreatedFebruary 17, 2016
UpdatedAugust 20, 2020
Classificationcommand-and-control
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Ransomware Locky CnC Beacon"; flow:established,to_server; urilen:9; http.method; content:"POST"; http.uri; content:"/main.php"; fast_pattern; http.request_body; pcre:"/^.{0,15}[^\x20-\x7e\r\n]/s"; http.connection; content:"Keep-Alive"; http.content_len; byte_test:0,<,110,0,string,dec; byte_test:0,>=,100,0,string,dec; http.header_names; content:!"Referer"; reference:md5,b06d9dd17c69ed2ae75d9e40b2631b42; classtype:command-and-control; sid:2022538; rev:7; metadata:attack_target Client_Endpoint, created_at 2016_02_17, deployment Perimeter, signature_severity Major, tag c2, updated_at 2020_08_20, mitre_tactic_id TA0010, mitre_tactic_name Exfiltration, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)

References

md5
b06d9dd17c69ed2ae75d9e40b2631b42
Google SearchBrave Search

Metadata

attack targetClient_Endpoint
created at2016_02_17
deploymentPerimeter
signature severityMajor
tagc2
updated at2020_08_20
mitre tactic idTA0010
mitre tactic nameExfiltration
mitre technique idT1041
mitre technique nameExfiltration_Over_C2_Channel

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!