|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-11-05 | |
| Rule Name: | Malware Havanacrypt Detection | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | HavanaCrypt is a ransomware disguised as a Google software update that uses a Microsoft web hosting service IP address as its C2 server to circumvent detection. This rule uses the User-Agent request header to detect the communication behavior of HavanaCrypt malware. Therefore, false positives may exist in this rule. Therefore, it is necessary to analyze and determine this rule together with other threat logs. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |