Rule History

SID: 10013744 • Source: ptrules/open

Versions (7)

Version DetailsCurrent

Rev: 1 • Oct 9, 2025, 2:49 PM

Message:

BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Exfiltration

Rule:

alert http any any -> any any (msg: "BANKER [PTsecurity] PhantomEnigma malicious browser extensions C2 Exfiltration"; flow: established, to_server; http.header; content: "Content-Type|3a| application/json"; content: !"Referer"; http.request_body; content: "|22|identificacaoUsuario|22|"; depth: 1000; content: "|22|kopfdaten|22|"; depth: 1000; reference: url, rules.ptsecurity.com; classtype: trojan-activity; sid: 10013744; rev: 1;)

Created:

Oct 9, 2025, 2:49 PM

Updated:

Feb 13, 2026, 3:29 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Mar 2, 2026, 1:34 PM

Filename:

rules/ptopen-malware.rules