ET MALWARE WeyhroC2 Heartbeat
Source: et/open
Created: January 8, 2026
Updated: January 8, 2026
Classification: trojan-activity
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE WeyhroC2 Heartbeat"; flow:established,to_client; content:"|7b 22|data|22 3a 7b 22|id|22 3a 22|"; fast_pattern; offset:4; content:"|7d 2c 22|type|22|"; offset:4; content:"ping"; distance:0; reference:url,lumma-labs.com/weyhro-c2-because-ransomware-wasnt-paying-the-bills-anymore-b136fd7ef100; reference:url,virustotal.com/gui/file/ec4ab4e4d700c9e5fdda59eb879a2bf18d0eefd825539d64677144d43a744cee/behavior; classtype:trojan-activity; sid:2066636; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, affected_product Windows_8, affected_product Windows_10, attack_target Client_Endpoint, tls_state plaintext, created_at 2026_01_08, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag c2, tag WeyhroC2, updated_at 2026_01_08, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1041, mitre_technique_name Exfiltration_Over_C2_Channel;)
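To make the payload keywords concrete, the following stand-alone Python re-implements the three content matches of the rule above with Suricata's offset and distance semantics (this is an added study example, not Emerging Threats code; the flow:established,to_client condition is assumed satisfied, and the sample payloads are constructed, not captured traffic).

```python
"""Mirror the content/offset/distance logic of ET sid 2066636.

Added example for studying the rule; not Emerging Threats code.
Only payload keywords are modelled: flow:established,to_client is a
flow-level check and is assumed to hold for the bytes passed in.
"""

# Content strings as decoded from the rule's |hex| escapes.
C1 = b'{"data":{"id":"'   # |7b 22|data|22 3a 7b 22|id|22 3a 22|
C2 = b'},"type"'          # |7d 2c 22|type|22|
C3 = b'ping'


def matches_weyhro_heartbeat(payload: bytes) -> bool:
    """Return True when all three content matches succeed."""
    # content:C1; offset:4;  absolute: the match may start at byte 4 or later.
    if payload.find(C1, 4) < 0:
        return False
    # content:C2; offset:4;  also absolute (no distance/within), so it is
    # searched independently of where C1 matched.
    p2 = payload.find(C2, 4)
    if p2 < 0:
        return False
    # content:C3; distance:0;  relative: search starts right after the end
    # of the C2 match. No 'within' keyword, so any later "ping" satisfies it.
    return payload.find(C3, p2 + len(C2)) >= 0


# Constructed samples (hypothetical 4-byte prefix, then JSON body).
SAMPLES = {
    # Full pattern after a 4-byte prefix: matches.
    "prefixed_ping": b"\x00\x00\x00\x2a" + b'{"data":{"id":"abc123"},"type":"ping"}',
    # Same JSON at byte 0: offset:4 skips the start, so C1 is not found.
    "no_prefix": b'{"data":{"id":"abc123"},"type":"ping"}',
    # "ping" appears only before the type key: distance:0 excludes it.
    "ping_in_id_only": b"XXXX" + b'{"data":{"id":"ping"},"type":"pong"}',
    # "ping" anywhere after the type key still matches (no 'within').
    "ping_later": b"XXXX" + b'{"data":{"id":"x"},"type":"a","note":"ping"}',
}


def run_samples() -> dict:
    """Evaluate every constructed sample against the rule logic."""
    return {name: matches_weyhro_heartbeat(p) for name, p in SAMPLES.items()}
```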
References
url: lumma-labs.com/weyhro-c2-because-ransomware-wasnt-paying-the-bills-anymore-b136fd7ef100
url: virustotal.com/gui/file/ec4ab4e4d700c9e5fdda59eb879a2bf18d0eefd825539d64677144d43a744cee/behavior
Metadata
affected product: Windows_10
attack target: Client_Endpoint
tls state: plaintext
created at: 2026_01_08
deployment: SSLDecrypt
confidence: High
signature severity: Major
tag: WeyhroC2
updated at: 2026_01_08
mitre tactic id: TA0011
mitre tactic name: Command_And_Control
mitre technique id: T1041
mitre technique name: Exfiltration_Over_C2_Channel