ET DELETED Cerber Bitcoin Address Check

SID: 2023676Rev: 30 views
History
Sourceet/open
CreatedDecember 20, 2016
UpdatedJuly 26, 2019
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED Cerber Bitcoin Address Check"; flow:to_server,established; content:"/api/v1/address/txs/17gd1msp5FnMcEMF1MitTNSsYs7w7AQyCt?_="; http_uri; nocase; fast_pattern:20,20; content:!"Referer"; http_header; content:!"|0d 0a|Cookie|3a 20|"; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|MSIE 7.0|3b|"; http_header; reference:url,www.bleepingcomputer.com/news/security/cerber-ransomware-4-10-now-shows-the-version-number-in-ransom-notes/; classtype:trojan-activity; sid:2023676; rev:3; metadata:created_at 2016_12_20, signature_severity Unknown, updated_at 2019_07_26;)

References

urlwww.bleepingcomputer.com/news/security/cerber-ransomware-4-10-now-shows-the-version-number-in-ransom-notes/

Metadata

created at2016_12_20
signature severityUnknown
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!