Rule History

SID: 10012145 • Source: ptrules/open

Versions (7)

Version DetailsCurrent

Rev: 2 • Oct 9, 2025, 2:49 PM

Message:

LOADER [PTsecurity] Bumblebee

Rule:

alert tcp any any -> any any (msg: "LOADER [PTsecurity] Bumblebee"; flow: established, to_server; dsize: 100<>200; stream_size: server, <, 3; stream_size: client, <, 201; content: "alcon|22 fe 94 63 4a 56|"; offset: 1; depth: 11; reference: url, https://www.virustotal.com/gui/file/c26344bfd07b871dd9f6bd7c71275216e18be265e91e5d0800348e8aa06543f9/detection; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10012145; rev: 2;)

Created:

Oct 9, 2025, 2:49 PM

Updated:

Oct 9, 2025, 2:49 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-malware.rules