"ET TROJAN RansomCrypt Intial Check-in"
SID: 2016748
Revision: 1
Class Type: trojan-activity
Metadata: created_at 2013_04_10, updated_at 2022_03_24
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: to_server,established
Contents:
-
Value: "GET " Depth: 4
-
Value: "Windows NT 5.1|3b| ru|3b|"
-
Value: "Gecko/20100722 Firefox/3.6.12|0d 0a|Host|3a|"
Within:
PCRE: "/^\/[a-zA-Z0-9]+\sHTTP/R"
Special Options: