Versions (6)
Version DetailsCurrent
Rev: 3 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Petya ransomware perfc component
alert smb any any -> any any (msg:"ATTACK [PTsecurity] Petya ransomware perfc component"; flow:to_server, established, no_stream; content:"|fe 53 4d 42|"; offset:4; depth:4; content:"|05 00|"; distance:8; within:2; content:"W|00|i|00|n|00|d|00|o|00|w|00|s|00 5c 00|p|00|e|00|r|00|f|00|c|00|"; nocase; distance:106; within:36; reference:url, rules.ptsecurity.com; reference:url, www.ptsecurity.com/ru-ru/about/news/vse-chto-vy-hoteli-uznat-o-notpetya-no-boyalis-sprosit/; classtype:successful-admin; sid:10001443; rev:3;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules