Versions (2)
Version DetailsCurrent
Rev: 1 • Oct 9, 2025, 2:49 PMBANKER [PTsecurity] SuperCard X Authorization Request
alert http any any -> any any (msg:"BANKER [PTsecurity] SuperCard X Authorization Request"; flow:established, to_server; http.method; content:"POST"; http.uri; content:"/auth/v1/token?grant_type=password"; startswith; fast_pattern; http.user_agent; content:"Ktor client"; bsize:11; http.header; content:"Authorization|3a| Bearer"; content:"Apikey|3a 20|"; nocase; content:"X-Client-Info|3a| supabase-kt/"; content:"Content-Type|3a| application/json"; content:!"Referer"; http.request_body; content:"{"; startswith; content:"|22|email|22|"; distance:0; content:"|22|password|22|"; distance:0; reference:url, www.virustotal.com/gui/file/3fb91010b9b7bfc84cd0c1421df0c8c3017b5ecf26f2e7dadfe611f2a834330c/detection; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10013905; rev:1;)
Oct 9, 2025, 2:49 PM
Oct 9, 2025, 2:49 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-malware.rules