Rule History

SID: 10004700 • Source: ptrules/open

Versions (7)

Version DetailsCurrent

Rev: 7 • Oct 9, 2025, 2:49 PM

Message:

BOTNET [PTsecurity] AESDDoS/Dofloo

Rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "BOTNET [PTsecurity] AESDDoS/Dofloo"; flow: established, to_server; stream_size: server, <, 3; content: "VERSONEX"; depth: 60; reference: url, https://app.any.run/tasks/81fdc653-6ce1-4512-9378-cfcda4495fbb; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10004700; rev: 7;)

Created:

Oct 9, 2025, 2:49 PM

Updated:

Oct 9, 2025, 2:49 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-malware.rules