ET JA3 Hash - [Abuse.ch] Possible Ransomware - Suricata Rule 2028809 (et/open)

ET JA3 Hash - [Abuse.ch] Possible Ransomware

SID: 2028809Rev: 20 viewsHistory

Sourceet/open

CreatedOctober 14, 2019

UpdatedOctober 29, 2019

Classificationunknown

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - [Abuse.ch] Possible Ransomware"; ja3_hash; content:"2d8794cb7b52b777bee2695e79c15760"; reference:url,sslbl.abuse.ch/ja3-fingerprints/; classtype:unknown; sid:2028809; rev:2; metadata:attack_target Client_Endpoint, created_at 2019_10_14, deployment Perimeter, confidence Low, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_29, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)

References

url	sslbl.abuse.ch/ja3-fingerprints/

Metadata

attack targetClient_Endpoint

created at2019_10_14

deploymentPerimeter

confidenceLow

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_10_29

mitre tactic idTA0040

mitre tactic nameImpact

mitre technique idT1486

mitre technique nameData_Encrypted_for_Impact

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!