ET MALWARE The Gentlemen Ransomware Campaign Domain in DNS Lookup (ep-lively-cherry-a80bmwii .eastus2 .azure .neon .tech)
Sourceet/open
CreatedMay 20, 2026
UpdatedMay 20, 2026
Classificationtrojan-activity
alert dns $HOME_NET any -> any any (msg:"ET MALWARE The Gentlemen Ransomware Campaign Domain in DNS Lookup (ep-lively-cherry-a80bmwii .eastus2 .azure .neon .tech)"; dns.query; bsize:49; content:"ep-lively-cherry-a80bmwii.eastus2.azure.neon.tech"; nocase; reference:url,thedfirreport.com/2026/05/11/flash-alert-etherrat-and-tuktuk-c2-end-in-the-gentleman-ransomware/; classtype:trojan-activity; sid:2069359; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_and_Server, created_at 2026_05_20, deployment Perimeter, malware_family EtherRAT, malware_family TukTuk, performance_impact Low, confidence High, signature_severity Major, tag Ransomware, updated_at 2026_05_20, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1573, mitre_technique_name Encrypted_Channel;)
References
Metadata
affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit
attack targetClient_and_Server
created at2026_05_20
deploymentPerimeter
malware familyTukTuk
performance impactLow
confidenceHigh
signature severityMajor
tagRansomware
updated at2026_05_20
mitre tactic idTA0011
mitre tactic nameCommand_And_Control
mitre technique idT1573
mitre technique nameEncrypted_Channel
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!