Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg: "STEALER [PTsecurity] MetaStealer"; flow: established, to_client; content: "200"; http_stat_code; content: "Content-Length: 46"; http_header; content: "{|22|ok|22|:|22|"; http_server_body; depth: 7; pcre: "/[a-fA-F0-9]{8}-(?:[a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}\x22\x7d\x0a/RQ"; isdataat: !1, relative; reference: url, https://app.any.run/tasks/a3bfd605-f3ef-43e4-85bc-7e909275a770; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10007504; rev: 4;)