THL-ARPA-003 HTTP POST to ARPA Operator Instana Ingestion Endpoint - Observability Data Exfiltration

SID: 1900093
Rev: 1
Status: Enabled
File: hunters-ledger.rules
Created: June 25, 2026
Updated: June 25, 2026
Classification: trojan-activity
alert http $HOME_NET any -> 209.38.205.158 any (msg:"THL-ARPA-003 HTTP POST to ARPA Operator Instana Ingestion Endpoint - Observability Data Exfiltration"; http.method; content:"POST"; http.uri; content:"/api/ingest/instana"; startswith; flow:to_server,established; sid:1900093; rev:1; classtype:trojan-activity; metadata:author The_Hunters_Ledger, campaign Turkish-ARPA-State-Insurer, created 2026-05-26, mitre_attack T1020;)

Metadata

author: The_Hunters_Ledger
campaign: Turkish-ARPA-State-Insurer
created: 2026-05-26
mitre attack: T1020
