THL-ARPA-004 Outbound SSH to ARPA Operator VPS - Potential Insider Reverse Tunnel Registration
Sourcehunters-ledger
Filehunters-ledger.rules
CreatedJuly 5, 2026
UpdatedJuly 5, 2026
Classificationtrojan-activity
alert tcp $HOME_NET any -> 209.38.205.158 22 (msg:"THL-ARPA-004 Outbound SSH to ARPA Operator VPS - Potential Insider Reverse Tunnel Registration"; flags:S; flow:to_server; threshold:type limit, track by_src, count 1, seconds 60 ; sid:3500103; rev:1; classtype:trojan-activity; metadata:author The_Hunters_Ledger, campaign Turkish-ARPA-State-Insurer, created 2026-05-26, mitre_attack T1572;)
Metadata
authorThe_Hunters_Ledger
campaignTurkish-ARPA-State-Insurer
created2026-05-26
mitre attackT1572
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!