STEALER [PTsecurity] Trojan.Stealer
Sourceptrules/open
Fileptopen-malware.rules
CreatedOctober 9, 2025
UpdatedOctober 9, 2025
Classificationtrojan-activity
alert http any any -> any any (msg:"STEALER [PTsecurity] Trojan.Stealer"; flow:established, to_server ; http.method; content:"POST"; http.header; content:"Accept-Encoding: identity" ; content:"User-Agent: Python-urllib/" ; content:"Content-Type: application/x-www-form-urlencoded" ; content:"Connection: close" ; content:!"Referer"; http.request_body; content:"Image Name"; content:"PID"; distance:0; content:"Session Name"; distance:0; content:"Session#"; distance:0; fast_pattern; content:"Mem Usage"; distance:0; reference:url, cyble.com/blog/silent-intrusion-unraveling-the-sophisticated-attack-leveraging-vs-code-for-unauthorized-access/ ; reference:url, rules.ptsecurity.com ; classtype:trojan-activity; sid:10012179; rev:1;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!