Rule History

SID: 10008313 • Source: ptrules/open

Versions (6)

Version Details (Current)

Rev: 3 • Oct 9, 2025, 2:49 PM

REMOTE [PTsecurity] XWorm Ping

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "REMOTE [PTsecurity] XWorm Ping"; flow: established, to_server; dsize: 19; content: "16|00 53 9c 47 5c 59 25 30 ab 7d 21 76 83 fa 5e 04 9e|"; depth: 19; threshold: type limit, track by_dst, seconds 120, count 1; reference: md5, ed22b81e3a57a1622dd8a8900411e520; reference: url, github.com/Shinyenigma/XWorm-RAT/; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10008313; rev: 3;)

Oct 9, 2025, 2:49 PM

Oct 9, 2025, 2:49 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-malware.rules