Rule History

SID: 10011998 • Source: ptrules/open

Versions (6)

Version Details (Current)

Rev: 1 • Oct 9, 2025, 2:49 PM

REMOTE [PTsecurity] Nerbian

alert tcp any any -> any any (msg: "REMOTE [PTsecurity] Nerbian"; flow: established, to_client; stream_size: client, <, 501; stream_size: client, >, 100; stream_size: server, <, 501; stream_size: server, >, 100; content: "4r3f"; depth: 4; fast_pattern; content: "|01 00 00|"; distance: 1; within: 3; threshold: type limit, track by_src, count 1, seconds 120; reference: url, https://www.virustotal.com/gui/file/19e0aab36e15ddb57e684748ac73dbced7d08e35c5950fe53a3b4011cba1f7ac/detection; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10011998; rev: 1;)

Oct 9, 2025, 2:49 PM

Oct 9, 2025, 2:49 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-malware.rules