Rule History

SID: 10008312 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 3 • Oct 9, 2025, 2:49 PM

Message:

REMOTE [PTsecurity] XWorm Ping

Rule:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"REMOTE [PTsecurity] XWorm Ping"; flow:established, from_server; dsize:19; content:"16|00 66 14 47 80 9b ae 6d c0 d9 1e 2b 17 b3 d8 4a 5a|"; depth:19; threshold:type limit, track by_dst, seconds 120, count 1; reference:md5, ed22b81e3a57a1622dd8a8900411e520; reference:url, github.com/Shinyenigma/XWorm-RAT/; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10008312; rev:3;)

Created:

Oct 9, 2025, 2:49 PM

Updated:

Oct 9, 2025, 2:49 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-malware.rules