🐾 - 🚨 SSH suspicious flow - Possible connection to FIN7 👿 C2

SID: 3300706
Rev: 6
Source: pawpatrules
Created: December 28, 2022
Updated: June 27, 2024
Classification: trojan-activity
alert ssh $EXTERNAL_NET [53,80,443] -> any any (msg:"🐾 - 🚨 SSH suspicious flow - Possible connection to FIN7 👿 C2"; flow:to_client, stateless; threshold:type limit, track by_src,count 1, seconds 3600; ssh.software; content:"openssh"; nocase; ssh.hassh.server; content:"b12d2871a1189eff20364cf5333619ee"; fast_pattern; reference:url,https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang; reference:url,https://www.prodaft.com/m/reports/FIN7_TLPCLEAR.pdf; reference:url,https://www.cert.ssi.gouv.fr/cti/CERTFR-2022-CTI-003/; reference:url,https://malpedia.caad.fkie.fraunhofer.de/actor/fin7; reference:url,https://pawpatrules.fr/references/fin7_ssh_backdoor.html; metadata:created_at 2022_12_28, updated_at 2024_06_27; sid:3300706; rev:6; classtype:trojan-activity;)

Metadata

created at: 2022_12_28
updated at: 2024_06_27
