da_667 · @da_667
3107 followers · 195 posts · Server infosec.exchangeInterestingly enough, the second bot, GoTrim uses a very unique user-agent for doing external IP address checks against a number of "what's my IP address" services, with a very unique user-agent: go-external-ip
We already have a rule for that -- 2030468 go-external-ip library User-Agent
#Malware #Ransomware #ThreatIntel #iocs #iocexchange #Snort #Suricata #NSM #ThreatHunting #GoTrim #CIARansomware
#malware #ransomware #threatintel #iocs #iocexchange #snort #suricata #nsm #threathunting #gotrim #ciaransomware