🐾 - 🚨 Suspicious WinSCP 📂 SSH/SFTP connection to Internet 🌐 - 👀 used including by Lockbit ransomware group 👿
Source: pawpatrules
Created: July 9, 2023
Updated: July 9, 2023
Classification: policy-violation
alert ssh any any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 Suspicious WinSCP 📂 SSH/SFTP connection to Internet 🌐 - 👀 used including by Lockbit ransomware group 👿"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 3600; ssh.software; content:"WinSCP_"; fast_pattern; nocase; reference:url,https://winscp.net/; reference:url,https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a; metadata:created_at 2023_07_09, updated_at 2023_07_09; sid:3300126; rev:1; classtype:policy-violation;)
References
Metadata
created at: 2023_07_09
updated at: 2023_07_09