alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE 7ev3n Ransomware Related Activity (GET)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/q/getreceivedbyaddress/1Lud76Q98VRHCUiyK7XUs7AgFofrqXeP78"; fast_pattern; bsize:58; http.host; content:"blockchain.info"; bsize:15; http.user_agent; content:"Internet Explorer"; bsize:17; reference:url,twitter.com/James_inthe_box/status/1602405602965475329; reference:md5,e4bac3dc658debc435eb3a5ad415ab96; reference:md5,958c7b963bb4e53581e669337d93ad38; reference:md5,40852a31e32ba7021533250ca31d024d; classtype:trojan-activity; sid:2042767; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_12_13, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag Ransomware, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_13, mitre_tactic_id TA0040, mitre_tactic_name Impact, mitre_technique_id T1486, mitre_technique_name Data_Encrypted_for_Impact;)