alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2"; flow:established,to_server; content:"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea"; http_header; fast_pattern:only; content:"Host|3a 20|"; http_header; pcre:"/^[^\s]*iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea\.[a-z]{2,5}\x0d\x0a/HRi"; reference:cve,2017-0144; reference:url,www.endgame.com/blog/wcrywanacry-ransomware-technical-analysis; reference:url,www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/; classtype:trojan-activity; sid:2024299; rev:3;)

Added 2017-05-19 23:15:47 UTC


alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 2"; flow:established,to_server; content:"Host|3a 20|www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com"; http_header; reference:cve,2017-0144; reference:url,www.endgame.com/blog/wcrywanacry-ransomware-technical-analysis; classtype:trojan-activity; sid:2024299; rev:2;)

Added 2017-05-16 19:22:00 UTC


Topic revision: r1 - 2017-05-20 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats