ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware - Suricata Rule 2028760 (et/open)

ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware

SID: 2028760Rev: 20 viewsHistory

Sourceet/open

CreatedOctober 14, 2019

UpdatedOctober 29, 2019

Classificationunknown

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware"; ja3_hash; content:"1be3ecebe5aa9d3654e6e703d81f6928"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028760; rev:2; metadata:attack_target Client_Endpoint, created_at 2019_10_14, deployment Perimeter, confidence Low, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_29, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)

References

url	sslbl.abuse.ch/ja3-fingerprints/

Metadata

attack targetClient_Endpoint

created at2019_10_14

deploymentPerimeter

confidenceLow

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_10_29

mitre tactic idTA0040

mitre tactic nameImpact

mitre technique idT1486

mitre technique nameData_Encrypted_for_Impact

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!