alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Interlock Ransomware Fake Updater CnC Callback"; flow:established,to_server; flowbits:set,ET.Interlock; http.method; content:"post"; nocase; http.uri; content:"/init1234"; fast_pattern; nocase; reference:url,blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/; classtype:trojan-activity; sid:2062145; rev:3; metadata:attack_target Client_Endpoint, created_at 2025_05_07, deployment Perimeter, malware_family Interlock, performance_impact Low, confidence Medium, signature_severity Critical, updated_at 2025_05_16, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1071, mitre_technique_name Application_Layer_Protocol; target:src_ip;)