ET MALWARE eCh0raix/QNAPCrypt Successful Server Response
Source: et/open
Created: July 11, 2019
Updated: April 30, 2026
Classification: trojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE eCh0raix/QNAPCrypt Successful Server Response"; flow:established,to_client; flowbits:isset,ET.QNAPCrypt.DetailReq; http.response_line; bsize:17; content:"HTTP/1.1 200 OK|0d 0a|"; http.content_type; content:"application/json"; http.response_body; content:"|7b 22|RsaPublicKey|22 3a 22|-----BEGIN RSA PUBLIC KEY"; content:"|22 7d 2c 7b 22|BtcPublicKey|22 3a 22|"; fast_pattern; content:"|22 7d 2c 7b 22|Readme|22 3a 22|"; reference:url,www.intezer.com/blog-seizing-15-active-ransomware-campaigns-targeting-linux-file-storage-servers; classtype:trojan-activity; sid:2027705; rev:2; metadata:attack_target IoT, created_at 2019_07_11, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_04_30;)
References
Metadata
attack target: IoT
created at: 2019_07_11
deployment: Perimeter
performance impact: Low
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2026_04_30