Versions (6)
Version DetailsCurrent
Rev: 7 • Oct 9, 2025, 2:49 PMREMOTE [PTsecurity] PupyRAT SSL Cert
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"REMOTE [PTsecurity] PupyRAT SSL Cert"; flow:established, to_client; content:"|55 04|"; depth:300; content:"|07 43 4F 4E 54 52 4F 4C 30|"; distance:2; within:9; reference:url, https://www.hybrid-analysis.com/sample/0596c1a26ba2e6b171c9bba2bfe944d252c255a35523f68cdbc1339151580c68?environment_id=100; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10004069; rev:7;)
Oct 9, 2025, 2:49 PM
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules