Versions (7)
Version Details
Current
Rev: 2 • Oct 9, 2025, 2:49 PM
LOADER [PTsecurity] RtcpProxy (APT CloudAtlas)
alert http any any -> any any (msg: "LOADER [PTsecurity] RtcpProxy (APT CloudAtlas)"; flow: established, to_client; content: "200"; http_stat_code; content: "<?xml version=|22|1.0|22| encoding=|22|utf-8|22|?><connect><result>"; http_server_body; depth: 55; pcre: "/^(true|false)/RQ"; content: "</result></connect>"; http_server_body; distance: 4; within: 20; reference: url, research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10008367; rev: 2;)
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules