THL ShinyHunters DLS - Direct HTTP Connection to DLS Host 91.215.85.22 - Suricata Rule 1900090 (hunters-ledger)

THL ShinyHunters DLS - Direct HTTP Connection to DLS Host 91.215.85.22

SID: 1900090Rev: 1Enabled2 views

Filehunters-ledger.rules

CreatedJune 25, 2026

UpdatedJune 25, 2026

Classificationtrojan-activity

alert http $HOME_NET any -> 91.215.85.22 any (msg:"THL ShinyHunters DLS - Direct HTTP Connection to DLS Host 91.215.85.22"; flow:established,to_server; http.method; content:"GET"; classtype:trojan-activity; threshold:type limit, track by_src, seconds 300, count 1; sid:1900090; rev:1; metadata:author "The Hunters Ledger", reference https://the-hunters-ledger.com/reports/shinyhunters-dls-91-215-85-22-20260417/, created_at 2026-04-17, attack_target Client_Endpoint, mitre_tactic_id TA0040, mitre_technique_id T1657;)

Metadata

author"The Hunters Ledger"

referencehttps://the-hunters-ledger.com/reports/shinyhunters-dls-91-215-85-22-20260417/

created at2026-04-17

attack targetClient_Endpoint

mitre tactic idTA0040

mitre technique idT1657

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!