SPYWARE [PTsecurity] SpyNote

SID: 10006759Rev: 43 views
History
Sourceptrules/open
CreatedOctober 9, 2025
UpdatedOctober 9, 2025
Classificationtrojan-activity
alert tcp any any -> $EXTERNAL_NET any (msg:"SPYWARE [PTsecurity] SpyNote"; flow:established, to_server; stream_size:server, <, 3; content:"|00 1f 8b 08 00 00 00 00|"; offset:4; depth:8; pcre:"/^[0-9]{4}/"; reference:url, https://bulldogjob.pl/articles/1200-an-in-depth-analysis-of-spynote-remote-access-trojan; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10006759; rev:4;)

References

urlhttps://bulldogjob.pl/articles/1200-an-in-depth-analysis-of-spynote-remote-access-trojan
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!