🐾 - 🚨 Suspicious TLS certificate - 🎛 Possible IceID C2 - Sodinokibi 🔒 Ransomware

SID: 3300655
Rev: 5
Source: pawpatrules
Created: May 14, 2021
Updated: December 3, 2022
Classification: trojan-activity
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"🐾 - 🚨 Certificat TLS suspect - 🎛 Possible IceID C2- Sodinokibi 🔒 Ransomware"; flow:to_client, stateless; tls.cert_subject; content:"CN=localhost"; nocase; content:"O=Internet Widgits Pty Ltd"; nocase; tls.cert_issuer; content:"O=Internet Widgits Pty Ltd"; fast_pattern; nocase; reference:url,https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/details/win.revil; metadata:created_at 2021_05_14, updated_at 2022_12_03; sid:3300655; rev:5; classtype:trojan-activity;)

Metadata

created at: 2021_05_14
updated at: 2022_12_03
