Rule History

SID: 10011276 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 1 • Oct 9, 2025, 2:49 PM

Message:

REMOTE [PTsecurity] Remcos

Rule:

alert tcp any any -> any !$HTTP_PORTS (msg:"REMOTE [PTsecurity] Remcos"; flow:established, to_server; dsize:300<>450; stream_size:client, <, 451; content:"|01 80 b0 a6 75 bd 32 15 1c 8e|"; depth:10; threshold:type threshold, seconds 30, count 2, track by_dst; reference:url, https://www.virustotal.com/gui/file/7efd9de26a438503b6d0bc112ed76e29db45c3341b4b82ad81556c6218ca37cd/detection; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10011276; rev:1;)

Created:

Oct 9, 2025, 2:49 PM

Updated:

Oct 9, 2025, 2:49 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-malware.rules