LOADER [PTsecurity] RtcpProxy (APT CloudAtlas)
Source: ptrules/open
Created: October 9, 2025
Updated: October 9, 2025
Classification: trojan-activity
alert http any any -> any any (msg:"LOADER [PTsecurity] RtcpProxy (APT CloudAtlas)"; flow:established, to_client; content:"200"; http_stat_code; content:"<?xml version=|22|1.0|22| encoding=|22|utf-8|22|?><connect><result>"; http_server_body; depth:55; pcre:"/^(true|false)/RQ"; content:"</result></connect>"; http_server_body; distance:4; within:20; reference:url, research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine; reference:url, rules.ptsecurity.com; classtype:trojan-activity; sid:10008367; rev:2;)
References