Versions (6)
Version Details (Current)
Rev: 1 • Oct 9, 2025, 2:49 PM
REMOTE [PTsecurity] VxRAT
alert tcp any any -> $EXTERNAL_NET any (msg: "REMOTE [PTsecurity] VxRAT"; flow: established, to_server, only_stream; stream_size: client, >, 100; stream_size: client, <, 400; stream_size: server, <, 5; byte_test: 1, >, 0x63, 0; byte_test: 1, <, 0xc8, 0; content: "|00 00 00 00 00 00 00 00 00 00 00 54|"; offset: 1; depth: 12; content: "|40 00|"; distance: 6; within: 32; content: "|00 0a 00|"; distance: 6; within: 80; content: "|00 0a 00|"; distance: 6; within: 80; content: "|00 0a 00|"; distance: 6; within: 80; content: "|00|D|00|I|00|S|00|P|00|L|00|A|00|Y|00|"; distance: 0; fast_pattern; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10010999; rev: 1;)
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules