THL FlaskC2-PostEx C2 Health Endpoint Response - Bespoke Flask C2 Active - Suricata Rule 1900011 (hunters-ledger)

THL FlaskC2-PostEx C2 Health Endpoint Response - Bespoke Flask C2 Active

SID: 1900011Rev: 1Enabled2 views

Filehunters-ledger.rules

CreatedJune 25, 2026

UpdatedJune 25, 2026

Classificationtrojan-activity

alert http $HOME_NET any -> 67.215.232.25 any (msg:"THL FlaskC2-PostEx C2 Health Endpoint Response - Bespoke Flask C2 Active"; flow:established,to_client; file_data; content:"active_servers"; nocase; content:"pending_commands"; nocase; distance:0; content:"completed_commands"; nocase; distance:0; content:"status"; nocase; distance:0; content:"timestamp"; nocase; distance:0; classtype:trojan-activity; reference:url,the-hunters-ledger.com/hunting-detections/flaskc2-postex-toolkit-67-215-232-25-detections/; sid:1900011; rev:1;)

References

url	the-hunters-ledger.com/hunting-detections/flaskc2-postex-toolkit-67-215-232-25-detections/

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!