APP [PTsecurity] MTproto Telegram pkt chk#2

SID: 11004536Rev: 30 views
Sourceptresearch/attackdetection
CreatedFebruary 19, 2019
UpdatedMarch 20, 2021
Classificationmisc-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"APP [PTsecurity] MTproto Telegram pkt chk#2"; flow:established, to_server; dsize:130<>450; stream_size:server, >,100; stream_size:server, <,200; stream_size:client, >,260; stream_size:client, <,880; flowbits:isset, FBMproto_1; flowbits:unset, FBMproto_1; flowbits:set, FBMproto_2; flowbits:noalert; pcre:"/[\x09-\x0e]/"; reference:url, github.com/ptresearch/AttackDetection; metadata:autosign, id_0; metadata:created_at 2019_02_19, updated_at 2021_03_20; classtype:misc-activity; sid:11004536; rev:3;)

References

urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!