THL HUNT AI-Agent-Campaign Russian A2A C2 X-Agent-ID Header + API Endpoint (Case 1 C2 Protocol Indicator)

SID: 3500005
Rev: 1
Status: Enabled
File: hunters-ledger.rules
Created: July 5, 2026
Updated: July 5, 2026
Classification: trojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"THL HUNT AI-Agent-Campaign Russian A2A C2 X-Agent-ID Header + API Endpoint (Case 1 C2 Protocol Indicator)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/api/v1/"; http.header_names; content:"X-Agent-Id"; nocase; classtype:trojan-activity; threshold:type limit,track by_src,count 3,seconds 3600; sid:3500005; rev:1; metadata:author The_Hunters_Ledger, date 2026-05-25, reference https://the-hunters-ledger.com/hunting-detections/ai-agent-frameworks-2026-05-23-detections/;)

Metadata

author: The_Hunters_Ledger
date: 2026-05-25
reference: https://the-hunters-ledger.com/hunting-detections/ai-agent-frameworks-2026-05-23-detections/
