SPYWARE [PTsecurity] Buhtrap

SID: 10003304Rev: 422 views
History
Sourceptrules/open
CreatedOctober 9, 2025
UpdatedOctober 9, 2025
Classificationtrojan-activity
alert udp $HOME_NET any -> $HOME_NET 138 (msg:"SPYWARE [PTsecurity] Buhtrap"; content:"|5C|MAILSLOT|5C|"; content:!"|00|"; within:16; pcre:"/^[0-9A-F]{16,32}\x00/R"; pcre:"/[\x0e-\x19\x80-\xff]{5}/R"; threshold:type both, track by_src, count 4, seconds 3600; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10003304; rev:4;)

References

urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!