# sid 2022406, rev 3: outbound HTTP request attributed to LeChiffre ransomware C2; the "?" marks in msg suggest the attribution is tentative.
# All of the following must hold on one established client-to-server request:
#   - method is GET;
#   - the URI begins with "/sipvoice.php?" (depth:14 equals the pattern length; this is also the fast_pattern)
#     and contains "&session=" somewhere after it (distance:0);
#   - the header block contains "Keep-Alive: 300";
#   - the header block contains neither the substring "Accept" nor "Referer:";
#   - the User-Agent buffer begins with "Mozilla/4.0 (compatible; Synapse)" (33 bytes, depth:33).
# The negated "Accept" is a bare substring, so any Accept-* header (Accept-Encoding, Accept-Language, ...) suppresses the alert.
# The User-Agent is anchored at its start only; nothing here rejects a longer value sharing the same 33-byte prefix.
# NOTE(review): this User-Agent looks like the default of the Synapse Pascal networking library, so it is probably not
# malware-specific by itself; the URI and header conditions carry the specificity. Confirm before reusing the UA alone.
# Triage: check the alerting host against the md5 in the reference and the linked write-up.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LeChiffre? Ransomware CnC?"; flow:to_server,established; content:"GET"; http_method; content:"/sipvoice.php?"; http_uri; depth:14; fast_pattern; content:"&session="; http_uri; distance:0; content:"Keep-Alive|3a 20|300"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"Mozilla/4.0 (compatible|3b 20|Synapse)"; http_user_agent; depth:33; metadata: former_category MALWARE; reference:md5,4523ccfd191dcceeae8e884f82f5c7ad; reference:url,blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/; classtype:trojan-activity; sid:2022406; rev:3; metadata:created_at 2016_01_25, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC


# Historical revision (rev:2) of sid 2022406, with the same method, URI, Keep-Alive and negated-header conditions as rev 3.
# The User-Agent is matched as the literal header line "User-Agent: Mozilla/4.0 (compatible; Synapse)" inside the
# http_header buffer, with no depth or offset, so the string may sit anywhere in the header block.
# This listing carries "metadata: former_category MALWARE" in addition to the created_at/updated_at metadata.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LeChiffre? Ransomware CnC?"; flow:to_server,established; content:"GET"; http_method; content:"/sipvoice.php?"; http_uri; depth:14; fast_pattern; content:"&session="; http_uri; distance:0; content:"Keep-Alive|3a 20|300"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|Synapse)"; http_header; metadata: former_category MALWARE; reference:md5,4523ccfd191dcceeae8e884f82f5c7ad; reference:url,blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/; classtype:trojan-activity; sid:2022406; rev:2; metadata:created_at 2016_01_25, updated_at 2016_01_25;)

Added 2019-09-19 19:26:35 UTC


# Historical revision (rev:2) of sid 2022406: GET to a URI starting "/sipvoice.php?" that later contains "&session=",
# with "Keep-Alive: 300" present, no "Accept" substring and no "Referer:" in the headers, and the header line
# "User-Agent: Mozilla/4.0 (compatible; Synapse)" matched in the http_header buffer.
# This listing has created_at/updated_at metadata but no former_category entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LeChiffre? Ransomware CnC?"; flow:to_server,established; content:"GET"; http_method; content:"/sipvoice.php?"; http_uri; depth:14; fast_pattern; content:"&session="; http_uri; distance:0; content:"Keep-Alive|3a 20|300"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|Synapse)"; http_header; reference:md5,4523ccfd191dcceeae8e884f82f5c7ad; reference:url,blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/; classtype:trojan-activity; sid:2022406; rev:2; metadata:created_at 2016_01_25, updated_at 2016_01_25;)

Added 2018-09-13 19:52:11 UTC


Added 2018-09-13 18:00:41 UTC


# Historical revision (rev:2) of sid 2022406, with the User-Agent matched as a full header line in http_header.
# The detection options are unchanged: GET, URI prefix "/sipvoice.php?" plus "&session=", "Keep-Alive: 300",
# and no "Accept" substring or "Referer:" in the headers. Metadata is limited to created_at/updated_at.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LeChiffre? Ransomware CnC?"; flow:to_server,established; content:"GET"; http_method; content:"/sipvoice.php?"; http_uri; depth:14; fast_pattern; content:"&session="; http_uri; distance:0; content:"Keep-Alive|3a 20|300"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|Synapse)"; http_header; reference:md5,4523ccfd191dcceeae8e884f82f5c7ad; reference:url,blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/; classtype:trojan-activity; sid:2022406; rev:2; metadata:created_at 2016_01_25, updated_at 2016_01_25;)

Added 2017-08-07 21:17:17 UTC


# Historical revision (rev:2) of sid 2022406 with no metadata keyword at all.
# The detection options are GET, URI prefix "/sipvoice.php?" plus "&session=", "Keep-Alive: 300", no "Accept"
# substring or "Referer:" in the headers, and the "User-Agent: Mozilla/4.0 (compatible; Synapse)" line in http_header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LeChiffre? Ransomware CnC?"; flow:to_server,established; content:"GET"; http_method; content:"/sipvoice.php?"; http_uri; depth:14; fast_pattern; content:"&session="; http_uri; distance:0; content:"Keep-Alive|3a 20|300"; http_header; content:!"Accept"; http_header; content:!"Referer|3a|"; http_header; content:"User-Agent|3a 20|Mozilla/4.0 (compatible|3b 20|Synapse)"; http_header; reference:md5,4523ccfd191dcceeae8e884f82f5c7ad; reference:url,blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/; classtype:trojan-activity; sid:2022406; rev:2;)

Added 2016-01-25 18:28:04 UTC

