ET MALWARE Interlock RAT CnC Checkin

SID: 2062408
Rev: 1
Source: et/open
Created: May 16, 2025
Updated: May 16, 2025
Classification: trojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET MALWARE Interlock RAT CnC Checkin"; flow:established,to_server; content:"|55 11 69 df 7b 22 69 70 74 61 72 67 65 74 22 3a|"; startswith; fast_pattern; content:"|22 64 6f 6d 61 69 6e 22 3a|"; distance:0; content:"|22 70 63 6e 61 6d 65 22 3a|"; distance:0; content:"|22 72 75 6e 61 73 22 3a|"; distance:0; content:"|22 74 79 70 65 66 22 3a|"; distance:0; content:"|22 76 65 72 6f 73 22 3a|"; distance:0; reference:url,blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/; reference:md5,7a5af6b8cc4b94cf0af8ae8bd56224f3; classtype:trojan-activity; sid:2062408; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_05_16, deployment Perimeter, malware_family Interlock, confidence High, signature_severity Major, tag RAT, updated_at 2025_05_16;)

Metadata

attack target: Client_Endpoint
tls state: TLSDecrypt
created at: 2025_05_16
deployment: Perimeter
malware family: Interlock
confidence: High
signature severity: Major
tag: RAT
updated at: 2025_05_16
