Versions (7)
Version DetailsCurrent
Rev: 2 • Oct 9, 2025, 2:49 PMSTEALER [PTsecurity] ZZSteal
alert http any any -> any any (msg: "STEALER [PTsecurity] ZZSteal"; flow: established, to_server; http.method; content: "POST"; http.uri; content: "/upwawsfrg.php"; isdataat: !1, relative; http.cookie; content: "SESSION="; depth: 8; http.header; content: "Content-Type: application/x-www-form-urlencoded"; content: "User-Agent: Mozilla / 5.0(Windows NT 10.0|3b| Win64|3b| x64|3b| rv: 108.0) Gecko / 20100101 Firefox / 108.0"; fast_pattern; content: !"Referer"; http.request_body; content: "Name="; depth: 5; content: "&dataFile="; distance: 5; within: 30; reference: url, https://tria.ge/240403-pm36fsda7z/behavioral2; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10011385; rev: 2;)
Oct 9, 2025, 2:49 PM
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules