ET MALWARE Windigo SSH Connection Received (Ebury < 1.7.0)
Source: et/open
Created: July 19, 2019
Updated: July 26, 2019
Classification: trojan-activity
alert ssh [94.140.120.163,49.50.70.223,80.82.67.21,125.160.17.32] any -> any any (msg:"ET MALWARE Windigo SSH Connection Received (Ebury < 1.7.0)"; ssh_proto; content:"2.0"; ssh_software; pcre:"/^[a-f0-9]{40,}$/"; reference:url,security.web.cern.ch/security/advisories/windigo/windigo.shtml; classtype:trojan-activity; sid:2027729; rev:2; metadata:attack_target Client_Endpoint, created_at 2019_07_19, deployment Perimeter, confidence Medium, signature_severity Major, tag Windigo, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Metadata
attack target: Client_Endpoint
created at: 2019_07_19
deployment: Perimeter
confidence: Medium
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2019_07_26